
_ex-68/XP Antivirus problem, possibly others


  • This topic is locked
17 replies to this topic

#1 sinick

sinick

  • Members
  • 31 posts

Posted 23 December 2011 - 03:13 PM

I started receiving rogue "XP Antivirus" messages yesterday, and promptly ran SuperAntiSpyware in an attempt to remove the virus.

After a scan and reboot, I found that my keyboard and mouse were active during my motherboard loading screen, deactivated while the computer was at the "booting from cd" screen (the lights on both keyboard and mouse turned off and I was unable to press F8 to go into safe mode - both are wired via USB to my computer), and would turn back on when XP loaded on my machine and I was able to log in.

After rebooting, three "Open with" windows (asking me how to open the requested file) I had not seen before came up, with a file name consisting of multiple squares, with no other characters.

I also found that my file associations were not valid anymore. I could not run any .exe file normally; instead, I was asked to choose which program to run what I had selected (I got around this by choosing the same program to execute the program I had selected - for example, executing firefox.exe with firefox). I was able to go online and download a file association package that fixed this issue. However, the "Open with" windows for the 3 "square" file names remained whenever I rebooted. So far I have just closed all three when they pop up.

Upon running SuperAntiSpyware again, as well as Malwarebytes, I still had infections. (I can attach the Malwarebytes log if requested). I rebooted my computer after these two scans completed and "cleaned" the infections.

After my computer had rebooted, I noticed _ex-68.exe in my task manager, which I did not recognize. After googling it, I realized I may need extra help in dealing with this problem.

I was unable to run GMER. A short time after executing it a blue screen with text flashed quickly on my screen, disappeared, and my computer restarted. It was not on my screen long enough for me to read it. I also heard a clicking noise in my computer different than the regular sounds I am used to. Almost like a short crinkle noise.

Let me know what I can do in order to fix these problems.

DDS:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Admin at 13:45:27 on 2011-12-23
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3582.2351 [GMT -6:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\PnkBstrA.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\UltraVNC Addons\uvnc_service.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\Temp\_ex-68.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\steam\steam.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Motorola Mobility\MotoCast\MotoCast.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Launchy\Launchy.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Documents and Settings\Admin\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\Styler\Styler.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 7\firefox.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugin-container.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Cobian Backup 10\cbVSCService.exe
C:\Program Files\Cobian Backup 10\Cobian.exe
C:\Program Files\Cobian Backup 10\cbInterface.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\Admin\Desktop\Defogger.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = local;*.local;192.168.*.*
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: StylerToolBar: {d2f8f919-690b-4ea2-9fa7-a203d1e04f75} - c:\program files\styler\tb\StylerTB.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler
uRun: [Google Update] "c:\documents and settings\admin\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [MotoCast] "c:\program files\motorola mobility\motocast\MotoLauncher.lnk"
uRun: [MusicManager] "c:\documents and settings\admin\local settings\application data\programs\google\musicmanager\MusicManager.exe"
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [GBB36X Configure] c:\windows\system32\JMRaidTool.exe boot
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [NPSStartup]
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [MozillaAgent] c:\windows\temp\_ex-68.exe
mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\admin\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\admin\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\admin\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteClipper.exe
StartupFolder: c:\docume~1\admin\startm~1\programs\startup\styler.lnk - c:\documents and settings\admin\application data\microsoft\installer\{e9ecf354-2422-4fdb-9abf-d8adac0ef941}\_585b207a.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\launchy.lnk - c:\program files\launchy\Launchy.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1235253539500
DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} - hxxp://www.acclaim.com/cabs/acclaim_v4.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1235253943156
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://play.battlefield-heroes.com/static/updater/BFHUpdater_4.0.15.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{00B3A75B-9A9A-4EDE-9286-804A13E1D337} : DhcpNameServer = 192.168.0.1
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 69.72.252.254 www.google-analytics.com.
Hosts: 69.72.252.254 ad-emea.doubleclick.net.
Hosts: 69.72.252.254 www.statcounter.com.
Hosts: 184.95.41.155 www.google-analytics.com.
Hosts: 184.95.41.155 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\admin\application data\mozilla\firefox\profiles\fyrfcmdo.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://paulgraham.com/head.html
FF - prefs.js: keyword.URL - hxxp://www.google.co.in/search?btnG=Google+Search&q=
FF - plugin: c:\documents and settings\admin\local settings\application data\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\documents and settings\admin\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-1-15 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-7-6 116608]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\cobian backup 10\cbVSCService.exe [2011-12-23 67584]
R2 DeviceMonitorService;DeviceMonitorService;c:\program files\motorola media link\lite\NServiceEntry.exe [2011-11-19 87368]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-10-14 233472]
R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2011-7-27 6656]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-10-27 10384]
R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2011-11-14 218992]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-4-23 2253120]
R2 Uvnc_service;Uvnc_service;c:\program files\ultravnc addons\uvnc_service.exe [2009-11-10 63296]
R2 V2WCDRV;Video2Webcam;c:\windows\system32\drivers\V2WCDRV.sys [2011-7-6 1053056]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-2-22 24652]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [2009-11-10 13384]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-10-14 36608]
R3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys [2011-12-23 50704]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S1 vcdrom;Virtual CD-ROM Device Driver;\??\c:\documents and settings\admin\my documents\my downloads\vcdrom.sys --> c:\documents and settings\admin\my documents\my downloads\VCdRom.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 PEVSystemStart;PEVSystemStart;c:\combofix\pev.3XE [2011-6-26 256000]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2011-11-30 25856]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2011-11-30 20480]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2011-11-30 8320]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2011-11-30 11008]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PAC207;Webcam 1200;c:\windows\system32\drivers\PFC027.SYS [2011-7-6 611584]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 12872]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 XDva248;XDva248;\??\c:\windows\system32\xdva248.sys --> c:\windows\system32\XDva248.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
.
=============== Created Last 30 ================
.
2011-12-23 19:35:45 -------- d-----w- c:\documents and settings\admin\local settings\application data\Safe mirror
2011-12-23 19:35:23 -------- d-----w- c:\program files\Cobian Backup 10
2011-12-23 19:23:45 -------- d-s---w- C:\ComboFix
2011-12-23 19:15:58 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-12-23 19:15:58 456320 ----a-w- c:\windows\system32\dllcache\mrxsmb.sys
2011-12-23 19:10:21 -------- d-sha-r- C:\cmdcons
2011-12-23 19:08:55 98816 ----a-w- c:\windows\sed.exe
2011-12-23 19:08:55 518144 ----a-w- c:\windows\SWREG.exe
2011-12-23 19:08:55 256000 ----a-w- c:\windows\PEV.exe
2011-12-23 19:08:55 208896 ----a-w- c:\windows\MBR.exe
2011-12-23 09:01:51 50704 ----a-w- c:\windows\system32\drivers\npf.sys
2011-12-23 09:01:51 281104 ----a-w- c:\windows\system32\wpcap.dll
2011-12-23 09:01:51 100880 ----a-w- c:\windows\system32\Packet.dll
2011-12-22 19:58:58 -------- d-----w- c:\program files\RocketDock
2011-12-20 05:34:04 -------- d-----w- c:\program files\doubleTwist 2.0
2011-12-20 01:34:38 -------- d-----w- c:\documents and settings\admin\application data\Fallon.957283BD7AE99C519B762F3E2F85073ED97331F2.1
2011-12-15 05:25:01 -------- d-----w- c:\documents and settings\admin\application data\Nicalis
2011-12-14 06:38:59 -------- d-----w- c:\documents and settings\admin\local settings\application data\BIT.TRIP RUNNER
2011-12-05 23:21:53 -------- d-----w- c:\documents and settings\admin\local settings\application data\Programs
2011-12-05 23:10:32 -------- d-----w- c:\documents and settings\admin\local settings\application data\Motorola
2011-12-01 01:55:03 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2011-11-30 19:35:09 -------- d-----w- c:\documents and settings\admin\local settings\application data\Evernote
2011-11-30 19:32:28 -------- d-----w- c:\program files\Evernote
2011-11-30 19:19:35 -------- d-----w- C:\New Folder
2011-11-29 19:53:56 -------- d-----w- c:\program files\dredmor_humblebundle_win_2011_11_18
.
==================== Find3M ====================
.
2011-12-15 07:11:04 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-12-15 07:11:04 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-14 18:18:50 285336 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-11-14 18:18:50 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-11-14 18:18:48 285336 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 22:05:50 323624 ----a-w- c:\windows\system32\wiaaut.dll
2011-09-28 07:05:47 599552 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.
============= FINISH: 13:45:59.42 ===============



#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,600 posts

Posted 29 December 2011 - 07:25 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/434203 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Location:London, UK

Posted 02 January 2012 - 08:27 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

Please run aswMBR in place of Gmer

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

m0le is a proud member of UNITE

#4 sinick

sinick
  • Topic Starter

  • Members
  • 31 posts

Posted 04 January 2012 - 06:35 PM

I have continued to run scans/remove problems/reboot my computer with SuperAntiSpyware while waiting for a topic reply, so some of my problems may have been resolved (I don't see _ex-68 running anymore, but it still might be a problem, and I do not get XP Antivirus prompts anymore). I will not scan my computer from now on without supervision. I am still having the symptoms I listed above (keyboard disable, asking how to open 3 unknown files). I also noticed I get seemingly random internet redirects to different websites while browsing. I will post the new DDS first, then try to post the aswMBR after (instead of the GMER) in case my computer gets a blue screen and reboots again.

I think I have my original Windows CD/DVD, I just have to look for it. It's possible that I won't find it though.

EDIT: Finished the aswMBR scan, it is posted below the DDS.

New DDS:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Admin at 17:28:11 on 2012-01-04
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3582.2490 [GMT -6:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cobian Backup 10\cbVSCService.exe
C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\PnkBstrA.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\UltraVNC Addons\uvnc_service.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\RunDLL32.exe
C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\steam\steam.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Motorola Mobility\MotoCast\MotoCast.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Launchy\Launchy.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Documents and Settings\Admin\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\Styler\Styler.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 7\firefox.exe
C:\Program Files\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = local;*.local;192.168.*.*
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: StylerToolBar: {d2f8f919-690b-4ea2-9fa7-a203d1e04f75} - c:\program files\styler\tb\StylerTB.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler
uRun: [Google Update] "c:\documents and settings\admin\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [MotoCast] "c:\program files\motorola mobility\motocast\MotoLauncher.lnk"
uRun: [MusicManager] "c:\documents and settings\admin\local settings\application data\programs\google\musicmanager\MusicManager.exe"
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [GBB36X Configure] c:\windows\system32\JMRaidTool.exe boot
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [NPSStartup]
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\admin\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\admin\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\admin\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteClipper.exe
StartupFolder: c:\docume~1\admin\startm~1\programs\startup\styler.lnk - c:\documents and settings\admin\application data\microsoft\installer\{e9ecf354-2422-4fdb-9abf-d8adac0ef941}\_585b207a.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\launchy.lnk - c:\program files\launchy\Launchy.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1235253539500
DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} - hxxp://www.acclaim.com/cabs/acclaim_v4.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1235253943156
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://play.battlefield-heroes.com/static/updater/BFHUpdater_4.0.15.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{00B3A75B-9A9A-4EDE-9286-804A13E1D337} : DhcpNameServer = 192.168.0.1
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 69.72.252.254 www.google-analytics.com.
Hosts: 69.72.252.254 ad-emea.doubleclick.net.
Hosts: 69.72.252.254 www.statcounter.com.
Hosts: 184.95.41.155 www.google-analytics.com.
Hosts: 184.95.41.155 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\admin\application data\mozilla\firefox\profiles\fyrfcmdo.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://paulgraham.com/head.html
FF - prefs.js: keyword.URL - hxxp://www.google.co.in/search?btnG=Google+Search&q=
FF - plugin: c:\documents and settings\admin\local settings\application data\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\documents and settings\admin\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-1-15 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-7-6 116608]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\cobian backup 10\cbVSCService.exe [2011-12-23 67584]
R2 DeviceMonitorService;DeviceMonitorService;c:\program files\motorola media link\lite\NServiceEntry.exe [2011-11-19 87368]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-10-14 233472]
R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2011-7-27 6656]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-10-27 10384]
R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2011-11-14 218992]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-4-23 2253120]
R2 Uvnc_service;Uvnc_service;c:\program files\ultravnc addons\uvnc_service.exe [2009-11-10 63296]
R2 V2WCDRV;Video2Webcam;c:\windows\system32\drivers\V2WCDRV.sys [2011-7-6 1053056]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-2-22 24652]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [2009-11-10 13384]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-10-14 36608]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S1 vcdrom;Virtual CD-ROM Device Driver;\??\c:\documents and settings\admin\my documents\my downloads\vcdrom.sys --> c:\documents and settings\admin\my documents\my downloads\VCdRom.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 PEVSystemStart;PEVSystemStart;c:\combofix\pev.3XE [2011-6-26 256000]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-12-30 40776]
S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2011-11-30 25856]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2011-11-30 20480]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2011-11-30 8320]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2011-11-30 11008]
S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys [2011-12-23 50704]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PAC207;Webcam 1200;c:\windows\system32\drivers\PFC027.SYS [2011-7-6 611584]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 12872]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 XDva248;XDva248;\??\c:\windows\system32\xdva248.sys --> c:\windows\system32\XDva248.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
.
=============== Created Last 30 ================
.
2011-12-30 16:24:14 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-12-23 20:26:03 -------- d-----w- C:\backup
2011-12-23 19:35:45 -------- d-----w- c:\documents and settings\admin\local settings\application data\Safe mirror
2011-12-23 19:35:23 -------- d-----w- c:\program files\Cobian Backup 10
2011-12-23 19:23:45 -------- d-s---w- C:\ComboFix
2011-12-23 19:15:58 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-12-23 19:15:58 456320 ----a-w- c:\windows\system32\dllcache\mrxsmb.sys
2011-12-23 19:10:21 -------- d-sha-r- C:\cmdcons
2011-12-23 19:08:55 98816 ----a-w- c:\windows\sed.exe
2011-12-23 19:08:55 518144 ----a-w- c:\windows\SWREG.exe
2011-12-23 19:08:55 256000 ----a-w- c:\windows\PEV.exe
2011-12-23 19:08:55 208896 ----a-w- c:\windows\MBR.exe
2011-12-23 09:01:51 50704 ----a-w- c:\windows\system32\drivers\npf.sys
2011-12-23 09:01:51 281104 ----a-w- c:\windows\system32\wpcap.dll
2011-12-23 09:01:51 100880 ----a-w- c:\windows\system32\Packet.dll
2011-12-22 19:58:58 -------- d-----w- c:\program files\RocketDock
2011-12-20 05:34:04 -------- d-----w- c:\program files\doubleTwist 2.0
2011-12-20 01:34:38 -------- d-----w- c:\documents and settings\admin\application data\Fallon.957283BD7AE99C519B762F3E2F85073ED97331F2.1
2011-12-15 05:25:01 -------- d-----w- c:\documents and settings\admin\application data\Nicalis
2011-12-14 06:38:59 -------- d-----w- c:\documents and settings\admin\local settings\application data\BIT.TRIP RUNNER
.
==================== Find3M ====================
.
2011-12-25 01:15:41 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-12-25 01:15:41 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-12-10 21:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-14 18:18:50 285336 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-11-14 18:18:50 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-11-14 18:18:48 285336 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 22:05:50 323624 ----a-w- c:\windows\system32\wiaaut.dll
.
============= FINISH: 17:29:00.17 ===============




aswMBR:


aswMBR version 0.9.9.1156 Copyright© 2011 AVAST Software
Run date: 2012-01-04 17:37:03
-----------------------------
17:37:03.609 OS Version: Windows 5.1.2600 Service Pack 3
17:37:03.609 Number of processors: 2 586 0xF06
17:37:03.609 ComputerName: NICK-9897FD19A0 UserName: Admin
17:37:04.046 Initialize success
17:40:22.250 AVAST engine defs: 12010401
17:44:49.312 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-12
17:44:49.312 Disk 0 Vendor: WDC_WD3000GLFS-01F8U0 03.03V01 Size: 286167MB BusType: 3
17:44:49.328 Disk 0 MBR read successfully
17:44:49.328 Disk 0 MBR scan
17:44:49.343 Disk 0 Windows XP default MBR code
17:44:49.359 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 286157 MB offset 63
17:44:49.359 Disk 0 scanning sectors +586051200
17:44:49.390 Disk 0 scanning C:\WINDOWS\system32\drivers
17:44:55.218 Service scanning
17:44:56.390 Service ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys **LOCKED** 32
17:44:57.000 Modules scanning
17:45:09.140 Disk 0 trace - called modules:
17:45:09.156 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys >>UNKNOWN [0x8b204891]<<
17:45:09.156 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b336ab8]
17:45:09.156 3 CLASSPNP.SYS[b80f8fd7] -> nt!IofCallDriver -> \Device\0000006f[0x8b3564d0]
17:45:09.171 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-12[0x8b2dcd98]
17:45:09.578 AVAST engine scan C:\WINDOWS
17:45:14.078 AVAST engine scan C:\WINDOWS\system32
17:46:13.515 AVAST engine scan C:\WINDOWS\system32\drivers
17:46:22.046 AVAST engine scan C:\Documents and Settings\Admin
17:55:00.656 AVAST engine scan C:\Documents and Settings\All Users
18:06:58.078 Scan finished successfully
18:35:01.375 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Admin\Desktop\MBR.dat"
18:35:01.375 The log file has been saved successfully to "C:\Documents and Settings\Admin\Desktop\aswMBR.txt"


18:36:23.562 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Admin\Desktop\MBR.dat"
18:36:23.562 The log file has been saved successfully to "C:\Documents and Settings\Admin\Desktop\aswMBR.txt"



Edited by sinick, 04 January 2012 - 07:37 PM.


#5 m0le

  • Malware Response Team

Posted 04 January 2012 - 07:49 PM

Still sounds like you have other problems on the machine. aswMBR is hinting at that.

Please run TDSSKiller at this stage.

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (or hold down your Windows key and press R), then copy and paste the following into the text field (make sure you include the quote marks). Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If malicious objects are found, ensure Cure is selected, then click Continue > Reboot now.
  • Click Close.
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\

m0le is a proud member of UNITE

#6 sinick

  • Topic Starter

Posted 04 January 2012 - 09:10 PM

20:03:42.0500 5124 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
20:03:43.0031 5124 ============================================================
20:03:43.0031 5124 Current date / time: 2012/01/04 20:03:43.0031
20:03:43.0031 5124 SystemInfo:
20:03:43.0031 5124
20:03:43.0031 5124 OS Version: 5.1.2600 ServicePack: 3.0
20:03:43.0031 5124 Product type: Workstation
20:03:43.0031 5124 ComputerName: NICK-9897FD19A0
20:03:43.0031 5124 UserName: Admin
20:03:43.0031 5124 Windows directory: C:\WINDOWS
20:03:43.0031 5124 System windows directory: C:\WINDOWS
20:03:43.0031 5124 Processor architecture: Intel x86
20:03:43.0031 5124 Number of processors: 2
20:03:43.0031 5124 Page size: 0x1000
20:03:43.0031 5124 Boot type: Normal boot
20:03:43.0031 5124 ============================================================
20:03:43.0750 5124 Initialize success
20:03:50.0843 3340 ============================================================
20:03:50.0843 3340 Scan started
20:03:50.0843 3340 Mode: Manual;
20:03:50.0843 3340 ============================================================
20:03:51.0843 3340 Abiosdsk - ok
20:03:51.0859 3340 abp480n5 - ok
20:03:51.0890 3340 ACPI (d8fb7d1c3f5bfa3f53fe9cc6367e9e99) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:03:51.0890 3340 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: d8fb7d1c3f5bfa3f53fe9cc6367e9e99, Fake md5: 8fd99680a539792a30e97944fdaecf17
20:03:51.0890 3340 ACPI ( Virus.Win32.Rloader.a ) - infected
20:03:51.0890 3340 ACPI - detected Virus.Win32.Rloader.a (0)
20:03:51.0906 3340 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
20:03:51.0906 3340 ACPIEC - ok
20:03:51.0921 3340 adpu160m - ok
20:03:51.0937 3340 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:03:51.0937 3340 aec - ok
20:03:51.0953 3340 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
20:03:51.0953 3340 AegisP - ok
20:03:51.0984 3340 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
20:03:51.0984 3340 AFD - ok
20:03:52.0000 3340 Aha154x - ok
20:03:52.0000 3340 aic78u2 - ok
20:03:52.0015 3340 aic78xx - ok
20:03:52.0031 3340 AliIde - ok
20:03:52.0046 3340 AmdLLD (ad8fa28d8ed0d0a689a0559085ce0f18) C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
20:03:52.0046 3340 AmdLLD - ok
20:03:52.0046 3340 amsint - ok
20:03:52.0062 3340 asc - ok
20:03:52.0078 3340 asc3350p - ok
20:03:52.0078 3340 asc3550 - ok
20:03:52.0093 3340 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:03:52.0093 3340 AsyncMac - ok
20:03:52.0109 3340 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:03:52.0109 3340 atapi - ok
20:03:52.0109 3340 Atdisk - ok
20:03:52.0125 3340 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:03:52.0125 3340 Atmarpc - ok
20:03:52.0156 3340 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:03:52.0156 3340 audstub - ok
20:03:52.0187 3340 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:03:52.0187 3340 Beep - ok
20:03:52.0312 3340 catchme - ok
20:03:52.0328 3340 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:03:52.0328 3340 cbidf2k - ok
20:03:52.0359 3340 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
20:03:52.0359 3340 CCDECODE - ok
20:03:52.0375 3340 cd20xrnt - ok
20:03:52.0390 3340 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:03:52.0390 3340 Cdaudio - ok
20:03:52.0406 3340 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:03:52.0421 3340 Cdfs - ok
20:03:52.0437 3340 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:03:52.0437 3340 Cdrom - ok
20:03:52.0437 3340 Changer - ok
20:03:52.0453 3340 CmdIde - ok
20:03:52.0453 3340 Cpqarray - ok
20:03:52.0468 3340 dac2w2k - ok
20:03:52.0468 3340 dac960nt - ok
20:03:52.0500 3340 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:03:52.0515 3340 Disk - ok
20:03:52.0578 3340 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
20:03:52.0593 3340 dmboot - ok
20:03:52.0640 3340 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
20:03:52.0640 3340 dmio - ok
20:03:52.0656 3340 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:03:52.0656 3340 dmload - ok
20:03:52.0671 3340 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:03:52.0671 3340 DMusic - ok
20:03:52.0687 3340 dpti2o - ok
20:03:52.0703 3340 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:03:52.0703 3340 drmkaud - ok
20:03:52.0718 3340 dsNcAdpt - ok
20:03:52.0718 3340 EagleNT - ok
20:03:52.0750 3340 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:03:52.0750 3340 Fastfat - ok
20:03:52.0765 3340 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
20:03:52.0765 3340 Fdc - ok
20:03:52.0781 3340 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
20:03:52.0781 3340 Fips - ok
20:03:52.0781 3340 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
20:03:52.0781 3340 Flpydisk - ok
20:03:52.0812 3340 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
20:03:52.0828 3340 FltMgr - ok
20:03:52.0843 3340 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\WINDOWS\system32\FsUsbExDisk.SYS
20:03:52.0859 3340 FsUsbExDisk - ok
20:03:52.0859 3340 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:03:52.0859 3340 Fs_Rec - ok
20:03:52.0875 3340 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:03:52.0875 3340 Ftdisk - ok
20:03:52.0890 3340 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
20:03:52.0890 3340 GEARAspiWDM - ok
20:03:52.0906 3340 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
20:03:52.0906 3340 giveio - ok
20:03:52.0921 3340 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:03:52.0921 3340 Gpc - ok
20:03:52.0953 3340 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
20:03:52.0953 3340 hamachi - ok
20:03:52.0968 3340 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:03:52.0968 3340 HDAudBus - ok
20:03:53.0000 3340 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:03:53.0000 3340 HidUsb - ok
20:03:53.0031 3340 hpn - ok
20:03:53.0062 3340 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
20:03:53.0062 3340 HPZid412 - ok
20:03:53.0109 3340 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
20:03:53.0109 3340 HPZipr12 - ok
20:03:53.0125 3340 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
20:03:53.0125 3340 HPZius12 - ok
20:03:53.0156 3340 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:03:53.0156 3340 HTTP - ok
20:03:53.0156 3340 i2omgmt - ok
20:03:53.0171 3340 i2omp - ok
20:03:53.0187 3340 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:03:53.0187 3340 i8042prt - ok
20:03:53.0187 3340 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:03:53.0203 3340 Imapi - ok
20:03:53.0218 3340 ini910u - ok
20:03:53.0328 3340 IntcAzAudAddService (12f4d2aa29745dc2a403ff42e75cf7fa) C:\WINDOWS\system32\drivers\RtkHDAud.sys
20:03:53.0390 3340 IntcAzAudAddService - ok
20:03:53.0453 3340 IntelIde - ok
20:03:53.0468 3340 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:03:53.0468 3340 intelppm - ok
20:03:53.0484 3340 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
20:03:53.0484 3340 Ip6Fw - ok
20:03:53.0500 3340 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:03:53.0500 3340 IpFilterDriver - ok
20:03:53.0515 3340 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:03:53.0515 3340 IpInIp - ok
20:03:53.0531 3340 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:03:53.0546 3340 IpNat - ok
20:03:53.0562 3340 iPodDrv (cf79ff3d10864f73660a34e006b6b8f8) C:\WINDOWS\system32\drivers\iPodDrv.sys
20:03:53.0562 3340 iPodDrv - ok
20:03:53.0578 3340 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:03:53.0578 3340 IPSec - ok
20:03:53.0593 3340 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:03:53.0593 3340 IRENUM - ok
20:03:53.0609 3340 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:03:53.0625 3340 isapnp - ok
20:03:53.0625 3340 JGOGO (c995c0e8b4503fac38793bb0236ad246) C:\WINDOWS\system32\DRIVERS\JGOGO.sys
20:03:53.0625 3340 JGOGO - ok
20:03:53.0640 3340 JRAID (dac317a5efd8fe13fe7ec8e2b2e1d549) C:\WINDOWS\system32\DRIVERS\jraid.sys
20:03:53.0640 3340 JRAID - ok
20:03:53.0671 3340 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:03:53.0671 3340 Kbdclass - ok
20:03:53.0687 3340 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:03:53.0687 3340 kbdhid - ok
20:03:53.0718 3340 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:03:53.0718 3340 kmixer - ok
20:03:53.0765 3340 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:03:53.0765 3340 KSecDD - ok
20:03:53.0781 3340 Lbd - ok
20:03:53.0796 3340 LBeepKE (8f4d784b3f22f468eea99da02b0e39e5) C:\WINDOWS\system32\Drivers\LBeepKE.sys
20:03:53.0796 3340 LBeepKE - ok
20:03:53.0796 3340 lbrtfdc - ok
20:03:53.0843 3340 LHidFilt (dd83dc92463fce6324fd30a13d17d0da) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
20:03:53.0843 3340 LHidFilt - ok
20:03:53.0875 3340 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
20:03:53.0875 3340 LMouFilt - ok
20:03:53.0890 3340 LUsbFilt (77030525cd86a93f1af34fa9b96d33ce) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
20:03:53.0890 3340 LUsbFilt - ok
20:03:53.0921 3340 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
20:03:53.0921 3340 MBAMSwissArmy - ok
20:03:53.0937 3340 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:03:53.0937 3340 mnmdd - ok
20:03:53.0953 3340 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
20:03:53.0953 3340 Modem - ok
20:03:53.0968 3340 motandroidusb (0a43169e115b5e9346a4ba1effcb04cb) C:\WINDOWS\system32\Drivers\motoandroid.sys
20:03:53.0968 3340 motandroidusb - ok
20:03:54.0046 3340 motccgp (f4ea1193a52c8fe4b8a135e210abe546) C:\WINDOWS\system32\DRIVERS\motccgp.sys
20:03:54.0046 3340 motccgp - ok
20:03:54.0062 3340 motccgpfl (b812da6605caf02641312f1f65c75419) C:\WINDOWS\system32\DRIVERS\motccgpfl.sys
20:03:54.0062 3340 motccgpfl - ok
20:03:54.0078 3340 MotDev (e190ed75bcc7928143f8f2af4c34d91d) C:\WINDOWS\system32\DRIVERS\motodrv.sys
20:03:54.0078 3340 MotDev - ok
20:03:54.0093 3340 MotoSwitchService (fd8c2cef7ad8b23c6714103d621fac1f) C:\WINDOWS\system32\DRIVERS\motswch.sys
20:03:54.0093 3340 MotoSwitchService - ok
20:03:54.0109 3340 motusbdevice (f18898d418f43e74a93edc57e1f28bc9) C:\WINDOWS\system32\DRIVERS\motusbdevice.sys
20:03:54.0109 3340 motusbdevice - ok
20:03:54.0125 3340 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:03:54.0125 3340 Mouclass - ok
20:03:54.0140 3340 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:03:54.0140 3340 mouhid - ok
20:03:54.0171 3340 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:03:54.0171 3340 MountMgr - ok
20:03:54.0187 3340 mraid35x - ok
20:03:54.0187 3340 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:03:54.0203 3340 MRxDAV - ok
20:03:54.0250 3340 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:03:58.0156 3340 ============================================================
20:03:58.0156 3340 Scan finished
20:03:58.0156 3340 ============================================================
20:03:58.0156 5348 Detected object count: 1
20:03:58.0156 5348 Actual detected object count: 1
20:04:06.0593 5348 Backup copy found, using it..
20:04:06.0593 5348 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot
20:04:06.0593 5348 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
20:04:19.0281 5252 Deinitialize success

#7 m0le

Posted 05 January 2012 - 06:12 PM

Please rerun aswMBR and post the new log.
m0le is a proud member of UNITE

#8 sinick

Posted 05 January 2012 - 07:50 PM

aswMBR version 0.9.9.1156 Copyright© 2011 AVAST Software
Run date: 2012-01-04 17:37:03
-----------------------------
17:37:03.609 OS Version: Windows 5.1.2600 Service Pack 3
17:37:03.609 Number of processors: 2 586 0xF06
17:37:03.609 ComputerName: NICK-9897FD19A0 UserName: Admin
17:37:04.046 Initialize success
17:40:22.250 AVAST engine defs: 12010401
17:44:49.312 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-12
17:44:49.312 Disk 0 Vendor: WDC_WD3000GLFS-01F8U0 03.03V01 Size: 286167MB BusType: 3
17:44:49.328 Disk 0 MBR read successfully
17:44:49.328 Disk 0 MBR scan
17:44:49.343 Disk 0 Windows XP default MBR code
17:44:49.359 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 286157 MB offset 63
17:44:49.359 Disk 0 scanning sectors +586051200
17:44:49.390 Disk 0 scanning C:\WINDOWS\system32\drivers
17:44:55.218 Service scanning
17:44:56.390 Service ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys **LOCKED** 32
17:44:57.000 Modules scanning
17:45:09.140 Disk 0 trace - called modules:
17:45:09.156 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys >>UNKNOWN [0x8b204891]<<
17:45:09.156 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b336ab8]
17:45:09.156 3 CLASSPNP.SYS[b80f8fd7] -> nt!IofCallDriver -> \Device\0000006f[0x8b3564d0]
17:45:09.171 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-12[0x8b2dcd98]
17:45:09.578 AVAST engine scan C:\WINDOWS
17:45:14.078 AVAST engine scan C:\WINDOWS\system32
17:46:13.515 AVAST engine scan C:\WINDOWS\system32\drivers
17:46:22.046 AVAST engine scan C:\Documents and Settings\Admin
17:55:00.656 AVAST engine scan C:\Documents and Settings\All Users
18:06:58.078 Scan finished successfully
18:35:01.375 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Admin\Desktop\MBR.dat"
18:35:01.375 The log file has been saved successfully to "C:\Documents and Settings\Admin\Desktop\aswMBR.txt"
18:36:23.562 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Admin\Desktop\MBR.dat"
18:36:23.562 The log file has been saved successfully to "C:\Documents and Settings\Admin\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1156 Copyright© 2011 AVAST Software
Run date: 2012-01-05 18:27:27
-----------------------------
18:27:27.921 OS Version: Windows 5.1.2600 Service Pack 3
18:27:27.921 Number of processors: 2 586 0xF06
18:27:27.921 ComputerName: NICK-9897FD19A0 UserName: Admin
18:27:28.406 Initialize success
18:27:34.156 AVAST engine defs: 12010401
18:27:37.375 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-12
18:27:37.375 Disk 0 Vendor: WDC_WD3000GLFS-01F8U0 03.03V01 Size: 286167MB BusType: 3
18:27:37.375 Disk 0 MBR read successfully
18:27:37.375 Disk 0 MBR scan
18:27:37.390 Disk 0 Windows XP default MBR code
18:27:37.390 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 286157 MB offset 63
18:27:37.406 Disk 0 scanning sectors +586051200
18:27:37.437 Disk 0 scanning C:\WINDOWS\system32\drivers
18:27:43.265 Service scanning
18:27:44.781 Modules scanning
18:28:01.406 Disk 0 trace - called modules:
18:28:01.406 ntkrnlpa.exe CLASSPNP.SYS disk.sys tsk156.tmp hal.dll atapi.sys pciide.sys PCIIDEX.SYS
18:28:01.406 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b2e7ab8]
18:28:01.421 3 CLASSPNP.SYS[b80f8fd7] -> nt!IofCallDriver -> \Device\0000006e[0x8b33daa8]
18:28:01.421 5 tsk156.tmp[b7f69620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-12[0x8b29f940]
18:28:01.875 AVAST engine scan C:\WINDOWS
18:28:07.484 AVAST engine scan C:\WINDOWS\system32
18:29:08.953 AVAST engine scan C:\WINDOWS\system32\drivers
18:29:20.125 AVAST engine scan C:\Documents and Settings\Admin
18:39:48.593 AVAST engine scan C:\Documents and Settings\All Users
18:47:22.437 Scan finished successfully
18:50:18.140 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Admin\Desktop\MBR.dat"
18:50:18.171 The log file has been saved successfully to "C:\Documents and Settings\Admin\Desktop\aswMBR.txt"

#9 m0le

Posted 06 January 2012 - 02:47 PM

That's removed the infected driver. :)

That was the TDSS rootkit variant called TDL3, which likes to infect legitimate drivers. We have now replaced it with a clean copy.

Please next run OTL and we'll see if anything else remains.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.


#10 sinick

Posted 06 January 2012 - 03:03 PM

OTL logfile created on: 1/6/2012 1:56:31 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Admin\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.36 Gb Available Physical Memory | 67.55% Memory free
5.34 Gb Paging File | 4.31 Gb Available in Paging File | 80.76% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 279.45 Gb Total Space | 86.84 Gb Free Space | 31.08% Space Free | Partition Type: NTFS

Computer Name: NICK-9897FD19A0 | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Admin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Jump Desktop\JumpDesktop.exe (Phase Five Systems)
PRC - C:\Program Files\Jump Desktop\JumpService.exe (Phase Five Systems)
PRC - C:\Documents and Settings\Admin\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
PRC - C:\Documents and Settings\Admin\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
PRC - C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe (Nero AG)
PRC - C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe ()
PRC - C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe ()
PRC - C:\Program Files\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe ()
PRC - C:\Program Files\Motorola Mobility\MotoCast\MotoCast.exe (Motorola Mobility Inc.)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
PRC - C:\Program Files\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Cobian Backup 10\cbVSCService.exe (CobianSoft, Luis Cobian)
PRC - C:\Program Files\TightVNC\tvnserver.exe (GlavSoft LLC.)
PRC - C:\Program Files\Launchy\Launchy.exe ()
PRC - C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\RocketDock\RocketDock.exe ()
PRC - C:\Program Files\UltraVNC Addons\uvnc_service.exe ()
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\Styler\Styler.exe (ta2027)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Steam\bin\libcef.dll ()
MOD - C:\Program Files\Steam\bin\chromehtml.dll ()
MOD - C:\Program Files\Steam\bin\avutil-50.dll ()
MOD - C:\Program Files\Steam\bin\avformat-52.dll ()
MOD - C:\Program Files\Steam\bin\avcodec-52.dll ()
MOD - C:\Documents and Settings\Admin\Local Settings\Temp\zumotaglib.dll6058368453612355430.lib ()
MOD - C:\Documents and Settings\Admin\Local Settings\Temp\ZumoLocalGateway.dll9073787176064036230.lib ()
MOD - C:\Documents and Settings\Admin\Local Settings\Temp\WindowsFolderWatcher.dll7868981991536678050.lib ()
MOD - C:\Documents and Settings\Admin\Local Settings\Temp\WindowsAPI.dll3312495072848587150.lib ()
MOD - C:\Program Files\Jump Desktop\JumpNetwork.dll ()
MOD - C:\Documents and Settings\Admin\Local Settings\Temp\sqlite-3.6.20-sqlitejdbc.dll ()
MOD - C:\Documents and Settings\Admin\Local Settings\Application Data\Programs\Google\MusicManager\libaudioenc.dll ()
MOD - C:\Documents and Settings\Admin\Local Settings\Application Data\Programs\Google\MusicManager\libmpgdec.dll ()
MOD - C:\Documents and Settings\Admin\Local Settings\Application Data\Programs\Google\MusicManager\libid3tag.dll ()
MOD - C:\Documents and Settings\Admin\Local Settings\Application Data\Programs\Google\MusicManager\libaacdec.dll ()
MOD - C:\Program Files\Motorola Media Link\Lite\sqlite3.dll ()
MOD - C:\Program Files\Motorola Media Link\Lite\NFileCacheDBAccess.dll ()
MOD - C:\Program Files\Motorola Media Link\Lite\NAdvLog.dll ()
MOD - C:\Program Files\Motorola Media Link\Lite\LiveupdateTactics.dll ()
MOD - C:\Program Files\Motorola Media Link\Lite\DbAccess.dll ()
MOD - C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe ()
MOD - C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstfluh264dec.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstfluaacdec.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstflump3enc.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\libvorbisenc-2.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\libxml2-2.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstflump3dec.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\libgstreamer-0.10.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\liborc-0.4-0.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstflumpeg4video.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstflumpeg2video.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\libFLAC-8.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\libjpeg-8.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\libopencore-amrnb.0.1.1.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\libgstbase-0.10.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\libwavpack-1.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\libpng14-14.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstffmpegcolorspace.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstcoreelements.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstmatroska.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\libvorbis-0.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstmpegdemux.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstqtdemux.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstogg.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\libgstcontroller-0.10.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\libgsttag-0.10.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\libopencore-amrwb.0.1.1.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstfluasfdemux.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstavi.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstflumpegdemux.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstqtmux.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\libgstaudio-0.10.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstdshowdecwrapper.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstflummssrc.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\z.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstdecodebin2.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\libgstpbutils-0.10.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstaudioconvert.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstflv.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstdshowsrcwrapper.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstvideoscale.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\libgstrtp-0.10.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstflac.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstjpeg.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstvideobox.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgsttypefindfunctions.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstsmpte.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\libgstinterfaces-0.10.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstvorbis.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstsubparse.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstwavpack.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstaudioresample.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstalpha.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstmpegaudioparse.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstwavparse.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\libgstriff-0.10.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstmpegtsmux.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstaiff.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\libgstapp-0.10.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstgio.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\libgstvideo-0.10.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstflumch264enc.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstselector.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstinterleave.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstreplaygain.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstvolume.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstid3tag.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstflumcaacenc.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstvideocrop.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstid3demux.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstadder.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstgdp.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstautodetect.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstautoconvert.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstpng.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstequalizer.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstmpegvideoparse.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstmultipart.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstvideorate.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\libogg-0.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstmultifile.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstamrnb.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstaudiorate.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstlevel.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstauparse.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\libgstdataprotocol-0.10.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstalaw.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstalphacolor.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstcutter.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstmulaw.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstapetag.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstamrwbdec.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstadpcmdec.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgsty4menc.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstcoreindexers.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libshift.dll ()
MOD - C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstapp.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\60df958ca96c9b8945f836759b6abd34\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\36bf3d5f05a40c9e3cadca5789c8a469\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\36c12de583ee81e9c99acb72b09d77ac\System.Security.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\d507b9e0e50e453793ee5e01c07a5485\System.Core.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll ()
MOD - C:\Program Files\NVIDIA Corporation\nView\nvShell.dll ()
MOD - C:\Program Files\Evernote\Evernote\libtidy.dll ()
MOD - C:\Program Files\Evernote\Evernote\libxml2.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Launchy\plugins\calcy.dll ()
MOD - C:\Program Files\Launchy\plugins\gcalc.dll ()
MOD - C:\Program Files\Launchy\plugins\runner.dll ()
MOD - C:\Program Files\Launchy\plugins\weby.dll ()
MOD - C:\Program Files\Launchy\Launchy.exe ()
MOD - C:\Program Files\Launchy\plugins\verby.dll ()
MOD - C:\Program Files\Launchy\plugins\controly.dll ()
MOD - C:\Program Files\Launchy\imageformats\qmng4.dll ()
MOD - C:\Program Files\Launchy\QtGui4.dll ()
MOD - C:\Program Files\Launchy\QtNetwork4.dll ()
MOD - C:\Program Files\Launchy\QtCore4.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\Program Files\RocketDock\RocketDock.exe ()
MOD - C:\Program Files\RocketDock\RocketDock.dll ()
MOD - C:\Program Files\UltraVNC Addons\uvnc_service.exe ()
MOD - C:\WINDOWS\system32\tsd32.dll ()
MOD - C:\Program Files\Styler\UNRAR\unrar.dll ()


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- File not found
SRV - (JumpDesktop) -- C:\Program Files\Jump Desktop\JumpService.exe (Phase Five Systems)
SRV - (DeviceMonitorService) -- C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe (Nero AG)
SRV - (MotoHelper) -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe ()
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (PEVSystemStart) -- C:\ComboFix\pev.3XE ()
SRV - (cbVSCService) -- C:\Program Files\Cobian Backup 10\cbVSCService.exe (CobianSoft, Luis Cobian)
SRV - (tvnserver) -- C:\Program Files\TightVNC\tvnserver.exe (GlavSoft LLC.)
SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (FsUsbExService) -- C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (Uvnc_service) -- C:\Program Files\UltraVNC Addons\uvnc_service.exe ()
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (HP Port Resolver) -- C:\WINDOWS\system32\hpbpro.exe (Hewlett-Packard Company)
SRV - (HP Status Server) -- C:\WINDOWS\system32\hpboid.exe (Hewlett-Packard Company)


========== Driver Services (SafeList) ==========

DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (NPF) WinPcap Packet Driver (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (iPodDrv) -- C:\WINDOWS\system32\drivers\iPodDrv.sys (Windows ® Codename Longhorn DDK provider)
DRV - (motccgp) -- C:\WINDOWS\system32\drivers\motccgp.sys (Motorola)
DRV - (motusbdevice) -- C:\WINDOWS\system32\drivers\motusbdevice.sys (Motorola Inc)
DRV - (V2WCDRV) -- C:\WINDOWS\system32\drivers\V2WCDRV.sys ()
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (motandroidusb) -- C:\WINDOWS\system32\drivers\motoandroid.sys (Motorola)
DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (MotDev) -- C:\WINDOWS\system32\drivers\motodrv.sys (Motorola Inc)
DRV - (RsFx0103) -- C:\WINDOWS\system32\drivers\RsFx0103.sys (Microsoft Corporation)
DRV - (tapvpn) -- C:\WINDOWS\system32\drivers\tapvpn.sys (The OpenVPN Project)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()
DRV - (motccgpfl) -- C:\WINDOWS\system32\drivers\motccgpfl.sys (Motorola)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LBeepKE) -- C:\WINDOWS\system32\drivers\LBeepKE.sys (Logitech, Inc.)
DRV - (MotoSwitchService) -- C:\WINDOWS\system32\drivers\motswch.sys (Motorola)
DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (PAC207) -- C:\WINDOWS\system32\drivers\PFC027.SYS (PixArt Imaging Inc.)
DRV - (AmdLLD) -- C:\WINDOWS\system32\drivers\AmdLLD.sys (AMD, Inc.)
DRV - (vnccom) -- C:\WINDOWS\system32\drivers\vnccom.SYS (RDV Soft)
DRV - (vncdrv) -- C:\WINDOWS\system32\drivers\vncdrv.sys (RDV Soft)
DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Windows ® 2000 DDK provider)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (JRAID) -- C:\WINDOWS\system32\DRIVERS\jraid.sys (JMicron Technology Corp.)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (JGOGO) -- C:\WINDOWS\system32\DRIVERS\JGOGO.sys (JMicron )
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local;192.168.*.*

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://paulgraham.com/head.html"
FF - prefs.js..keyword.URL: "http://www.google.co.in/search?btnG=Google+Search&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Admin\Application Data\Facebook\npfbplugin_1_0_3.dll File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Admin\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/06 02:00:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/09 08:40:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 7\components [2012/01/05 21:23:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugins

[2010/11/12 17:36:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Extensions
[2012/01/05 18:33:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\fyrfcmdo.default\extensions
[2012/01/04 20:08:29 | 000,000,000 | ---D | M] (FT DeepDark) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\fyrfcmdo.default\extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66}
[2011/11/19 20:12:13 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\fyrfcmdo.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/12/16 18:58:32 | 000,000,000 | ---D | M] (PriceBlink) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\fyrfcmdo.default\extensions\info@priceblink.com
[2011/11/08 12:50:12 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\fyrfcmdo.default\extensions\support@lastpass.com
[2011/07/06 18:16:16 | 000,002,567 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\fyrfcmdo.default\searchplugins\askcom.xml
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FYRFCMDO.DEFAULT\EXTENSIONS\{987311C6-B504-4AA2-90BF-60CC49808D42}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FYRFCMDO.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FYRFCMDO.DEFAULT\EXTENSIONS\READABLE@EVERNOTE.COM.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FYRFCMDO.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\15.0.874.120\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\15.0.874.120\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\15.0.874.120\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Documents and Settings\Admin\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\
CHR - Extension: Entanglement = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.5.7_0\
CHR - Extension: Angry Birds = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: Angry Birds = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2_0\
CHR - Extension: Poppit = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2011/12/23 03:02:47 | 000,001,395 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 69.72.252.254 www.google-analytics.com.
O1 - Hosts: 69.72.252.254 ad-emea.doubleclick.net.
O1 - Hosts: 69.72.252.254 www.statcounter.com.
O1 - Hosts: 184.95.41.155 www.google-analytics.com.
O1 - Hosts: 184.95.41.155 ad-emea.doubleclick.net.
O1 - Hosts: 184.95.41.155 www.statcounter.com.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (StylerToolBar) - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll (StyleFantasist)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [GBB36X Configure] C:\WINDOWS\System32\JMRaidTool.exe (Gigabyte Technology Corp.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [tvncontrol] C:\Program Files\TightVNC\tvnserver.exe (GlavSoft LLC.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKCU..\Run: [Jump Desktop] C:\Program Files\Jump Desktop\JumpDesktop.exe (Phase Five Systems)
O4 - HKCU..\Run: [MotoCast] C:\Program Files\Motorola Mobility\MotoCast\MotoLauncher.lnk ()
O4 - HKCU..\Run: [MusicManager] C:\Documents and Settings\Admin\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O4 - HKLM..\RunOnceEx: [flags] Reg Error: Invalid data type. File not found
O4 - Startup: C:\Documents and Settings\Admin\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Admin\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\Admin\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O4 - Startup: C:\Documents and Settings\Admin\Start Menu\Programs\Startup\Styler.lnk = C:\Documents and Settings\Admin\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launchy.lnk = C:\Program Files\Launchy\Launchy.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\㩃䑜捯浵湥獴愠摮匠瑥楴杮屳潌慣卬牥楶散䱜捯污匠瑥楴杮屳灁汰捩瑡潩慄慴䡜屐楄楧慴浉条湩屧敤楶散⹳浸l ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\㩃䑜捯浵湥獴愠摮匠瑥楴杮屳潌慣卬牥楶散䱜捯污匠瑥楴杮屳灁汰捩瑡潩慄慴䡜屐楄楧慴浉条湩屧敨灬砮汭 ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\㩃䑜捯浵湥獴愠摮匠瑥楴杮屳潌慣卬牥楶散䱜捯污匠瑥楴杮屳灁汰捩瑡潩慄慴䡜屐楄楧慴浉条湩屧敳瑴湩獧砮汭 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1235253539500 (WUWebControl Class)
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} http://www.acclaim.com/cabs/acclaim_v4.cab (GameLauncher Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1235253943156 (MUWebControl Class)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://play.battlefield-heroes.com/static/updater/BFHUpdater_4.0.15.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00B3A75B-9A9A-4EDE-9286-804A13E1D337}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) -C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) -C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) -C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) -C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) -C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) -C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) -C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/21 15:15:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Launch.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/01/06 13:50:16 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
[2012/01/05 21:19:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Jump Desktop
[2012/01/05 21:19:16 | 000,000,000 | ---D | C] -- C:\Program Files\TightVNC
[2012/01/05 21:19:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\TightVNC
[2012/01/05 21:19:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TightVNC
[2012/01/05 21:18:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Phase Five Systems
[2012/01/05 21:17:56 | 000,000,000 | ---D | C] -- C:\Program Files\Jump Desktop
[2012/01/05 21:17:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Jump Desktop
[2012/01/04 17:35:27 | 004,704,768 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Admin\Desktop\aswMBR.exe
[2012/01/04 17:27:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\My Documents\Downloads
[2011/12/30 10:24:14 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/12/23 14:52:26 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Admin\Desktop\TDSSKiller.exe
[2011/12/23 14:26:03 | 000,000,000 | ---D | C] -- C:\backup
[2011/12/23 13:35:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Safe mirror
[2011/12/23 13:35:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Cobian Backup 10
[2011/12/23 13:35:23 | 000,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 10
[2011/12/23 13:23:45 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/12/23 13:15:58 | 000,456,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2011/12/23 13:10:21 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/12/23 13:08:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/23 13:08:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/12/23 13:08:55 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/12/23 13:08:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/12/23 13:08:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/12/23 13:08:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/23 03:01:51 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll
[2011/12/23 03:01:51 | 000,100,880 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll
[2011/12/23 03:01:51 | 000,050,704 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
[2011/12/22 17:02:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/12/22 15:36:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/12/22 15:36:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/12/22 14:11:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\Games
[2011/12/22 13:59:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RocketDock
[2011/12/22 13:58:58 | 000,000,000 | ---D | C] -- C:\Program Files\RocketDock
[2011/12/19 23:34:04 | 000,000,000 | ---D | C] -- C:\Program Files\doubleTwist 2.0
[2011/12/19 19:34:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Fallon.957283BD7AE99C519B762F3E2F85073ED97331F2.1
[2011/12/15 01:11:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\My Documents\Saved Games
[2011/12/14 23:25:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Nicalis
[2011/12/14 00:38:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\BIT.TRIP RUNNER
[2011/12/14 00:37:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\Recent
[2011/12/07 22:50:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Evernote
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/06 13:50:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
[2012/01/05 18:51:19 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\MBR.dat
[2012/01/04 20:10:09 | 000,636,814 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/04 20:10:09 | 000,135,552 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/04 20:06:24 | 000,002,245 | ---- | M] () -- C:\Documents and Settings\Admin\Start Menu\Programs\Startup\Styler.lnk
[2012/01/04 20:05:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/04 20:02:44 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Admin\Desktop\TDSSKiller.exe
[2012/01/04 17:35:58 | 004,704,768 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Admin\Desktop\aswMBR.exe
[2012/01/04 17:25:04 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/30 10:24:43 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/12/30 10:24:11 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2011/12/30 10:24:11 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/24 19:15:41 | 000,444,952 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2011/12/24 19:15:41 | 000,109,080 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2011/12/23 13:44:40 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Admin\defogger_reenable
[2011/12/23 13:42:21 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Defogger.exe
[2011/12/23 13:10:25 | 000,000,339 | RHS- | M] () -- C:\boot.ini
[2011/12/23 03:02:47 | 000,001,395 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/12/23 03:01:51 | 000,281,104 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll
[2011/12/23 03:01:51 | 000,100,880 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll
[2011/12/23 03:01:51 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
[2011/12/23 02:50:52 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/22 14:48:55 | 000,014,582 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\eixccm3c3ete1rfk2pmr4u838h7d
[2011/12/22 14:48:55 | 000,014,582 | -HS- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\eixccm3c3ete1rfk2pmr4u838h7d
[2011/12/22 13:59:01 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\RocketDock.lnk
[2011/12/22 02:47:49 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motoandroid_01007.Wdf
[2011/12/19 19:34:07 | 002,329,152 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\skimmer_1.1.73.air
[2011/12/15 03:21:34 | 000,183,424 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/15 03:05:22 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/12/14 00:16:57 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2011/12/14 00:16:52 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgpfl_01007.Wdf
[2011/12/14 00:16:52 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgp_01007.Wdf
[2011/12/13 13:05:46 | 000,000,215 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Gratuitous Space Battles.url
[2011/12/13 13:05:46 | 000,000,187 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Cave Story+.url
[2011/12/13 13:04:31 | 000,000,196 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Super Meat Boy Editor.url
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/07 23:55:04 | 000,000,988 | ---- | M] () -- C:\Documents and Settings\Admin\Start Menu\Programs\Startup\Dropbox.lnk
[2011/12/07 23:55:04 | 000,000,988 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Dropbox.lnk
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/04 18:35:01 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\MBR.dat
[2011/12/30 10:24:11 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2011/12/30 10:24:11 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/23 13:44:40 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Admin\defogger_reenable
[2011/12/23 13:42:20 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Defogger.exe
[2011/12/23 13:10:25 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2011/12/23 13:10:22 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/12/23 13:08:55 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/23 13:08:55 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/23 13:08:55 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/23 13:08:55 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/23 13:08:55 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/22 14:43:58 | 000,014,582 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\eixccm3c3ete1rfk2pmr4u838h7d
[2011/12/22 14:43:58 | 000,014,582 | -HS- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\eixccm3c3ete1rfk2pmr4u838h7d
[2011/12/22 13:59:01 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\RocketDock.lnk
[2011/12/22 02:47:49 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motoandroid_01007.Wdf
[2011/12/19 19:33:49 | 002,329,152 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\skimmer_1.1.73.air
[2011/12/15 03:00:48 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/12/14 00:16:52 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgpfl_01007.Wdf
[2011/12/14 00:16:52 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgp_01007.Wdf
[2011/12/13 13:05:46 | 000,000,215 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Gratuitous Space Battles.url
[2011/12/13 13:05:46 | 000,000,187 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Cave Story+.url
[2011/12/13 13:04:31 | 000,000,196 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Super Meat Boy Editor.url
[2011/11/13 18:56:15 | 002,130,002 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/10/05 23:11:06 | 000,107,272 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/07/18 21:23:19 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2011/07/06 17:47:24 | 001,053,056 | ---- | C] () -- C:\WINDOWS\System32\drivers\V2WCDRV.sys
[2011/04/23 16:25:49 | 000,285,336 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/04/23 16:25:49 | 000,285,336 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/04/23 16:25:49 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/04/14 10:08:31 | 000,000,197 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\D2Info0
[2011/04/14 10:08:31 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\DofusAppId0_2
[2011/04/12 23:38:28 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2010/12/18 13:59:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2010/12/01 12:40:35 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\PUTTY.RND
[2010/09/10 13:41:35 | 001,027,308 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1960408961-1177238915-839522115-1004-0.dat
[2010/09/10 13:41:31 | 000,183,978 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/03/21 19:52:28 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP207.INI
[2010/03/03 11:17:29 | 002,434,856 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_bc2.exe
[2010/02/24 01:01:07 | 000,000,130 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI
[2010/02/10 00:45:31 | 002,116,894 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/01/05 20:37:38 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\DofusAppId3_3
[2009/12/23 14:39:24 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\DofusAppId3_2
[2009/12/23 14:26:22 | 000,000,197 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\D2Info3
[2009/12/23 14:26:22 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\DofusAppId3_1
[2009/10/27 00:19:11 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\setup_ldm.iss
[2009/10/14 21:04:33 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2009/10/14 21:04:33 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2009/10/14 21:04:26 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\$_hpcst$.hpc
[2009/09/15 22:00:13 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009/09/13 23:42:18 | 000,032,848 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/07/22 15:34:36 | 000,000,059 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\GoodnightTimer.ini
[2009/07/17 17:32:09 | 001,474,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2009/06/23 13:04:48 | 000,669,184 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2009/06/18 23:58:54 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\pywintypes25.dll
[2009/06/18 23:58:40 | 000,339,968 | ---- | C] () -- C:\WINDOWS\System32\pythoncom25.dll
[2009/06/18 01:22:28 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2009/05/29 20:32:48 | 000,165,062 | ---- | C] () -- C:\WINDOWS\hpqins00.dat
[2009/05/27 22:50:50 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2009/05/10 09:11:17 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009/05/10 09:11:07 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009/05/10 09:10:57 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009/04/30 18:05:06 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/23 20:35:52 | 000,138,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/04/23 20:35:52 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\PnkBstrK.sys
[2009/04/23 20:34:04 | 000,271,200 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2009/04/23 20:33:56 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2009/04/23 20:33:41 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2009/04/04 00:14:04 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/03/25 21:43:14 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2009/03/07 00:36:44 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/03/06 14:01:20 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\virport.dll
[2009/03/06 13:31:46 | 000,130,954 | ---- | C] () -- C:\WINDOWS\hpoins12.dat
[2009/03/06 13:31:45 | 000,001,470 | ---- | C] () -- C:\WINDOWS\hpomdl12.dat
[2009/02/22 17:33:06 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/22 16:21:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/02/22 09:25:28 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\fusioncache.dat
[2009/02/22 09:20:54 | 000,087,553 | ---- | C] () -- C:\WINDOWS\hpfins01.dat
[2009/02/22 09:20:54 | 000,005,428 | ---- | C] () -- C:\WINDOWS\hpfmdl03.dat
[2009/02/22 09:20:24 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2009/02/22 09:20:23 | 000,003,399 | R--- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2009/02/22 09:17:55 | 000,013,637 | ---- | C] () -- C:\WINDOWS\hpdj6800.ini
[2009/02/22 09:17:43 | 000,005,442 | ---- | C] () -- C:\WINDOWS\hpf6800m.ini
[2009/02/21 22:23:08 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/02/21 15:26:28 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009/02/21 15:26:28 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009/02/21 15:16:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/02/21 15:14:03 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/02/21 09:08:07 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/02/21 09:07:17 | 000,183,424 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/10/25 16:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2006/02/28 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 06:00:00 | 000,636,814 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 06:00:00 | 000,135,552 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 06:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/04/09 04:19:57 | 000,001,385 | ---- | C] () -- C:\WINDOWS\hpfmdl6800.dat
[2004/01/23 07:48:38 | 000,000,242 | ---- | C] () -- C:\WINDOWS\hpfins6800.dat
[1996/04/03 13:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2011/09/16 14:48:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\.minecraft
[2009/02/22 18:35:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\acccore
[2009/03/30 17:44:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Acclaim
[2009/12/23 14:26:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\app
[2011/08/07 06:09:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\AtomZombieData
[2009/10/18 16:58:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Audacity
[2010/04/26 20:24:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\AveDesk
[2010/05/23 17:36:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Bioshock2
[2010/12/24 22:25:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Braid
[2011/07/26 15:46:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Broken Rules
[2011/11/09 22:53:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Chocolate Castle
[2010/02/08 14:24:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\com.dmerino.tumblweed.4DE7482C14055EAD00E76B98C6C45679E421790B.1
[2009/12/20 14:49:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1
[2011/07/26 15:46:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Crayon Physics Deluxe
[2009/03/28 07:05:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Darkfall
[2011/07/12 19:18:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\DiskSpaceFan
[2011/04/14 10:13:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Dofus 2
[2009/12/23 14:39:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Dofus-2.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2010/01/05 20:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Dofus-3.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2009/12/23 14:26:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Dofus.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2009/05/04 18:47:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\DragonicaSCB
[2012/01/05 21:42:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Dropbox
[2009/04/12 19:06:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Electronic Arts
[2011/12/19 19:34:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Fallon.957283BD7AE99C519B762F3E2F85073ED97331F2.1
[2009/04/02 17:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\FOG Downloader
[2010/01/27 14:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\GameRanger
[2009/06/28 19:40:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\GetRightToGo
[2011/11/16 23:34:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Hackety Hack
[2011/06/20 20:05:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Hi-Rez Studios
[2009/08/05 17:06:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\ijjigame
[2009/03/13 08:19:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\iLike
[2011/11/09 22:43:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Jasper's Journeys
[2011/04/23 16:03:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Juniper Networks
[2009/04/02 16:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Larva Mortus Demo
[2010/12/18 10:39:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Launchy
[2011/07/26 16:09:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Lazy 8 Studios
[2009/08/22 00:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Leadertech
[2009/09/15 13:50:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Miranda
[2012/01/04 20:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\MotoCast
[2011/12/05 17:10:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Motorola
[2009/02/27 07:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\MSNInstaller
[2010/09/09 22:33:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Need for Speed World
[2011/10/22 18:40:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\NetSarang
[2011/12/14 23:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Nicalis
[2010/10/18 16:50:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Notepad++
[2009/02/27 07:42:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\OfficeUpdate12
[2009/10/14 21:05:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\PC Suite
[2012/01/05 21:18:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Phase Five Systems
[2010/12/21 19:40:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Polynomial
[2010/02/08 04:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Posty.CEC2C221E000B2446946E14B8F3CF3D0C0AFD73E.1
[2009/12/23 14:26:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2011/07/09 17:23:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\RIFT
[2009/11/12 16:33:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\runic games
[2009/10/14 21:04:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Samsung
[2009/02/22 16:43:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\SharePod
[2009/06/29 16:39:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Styler
[2010/02/10 00:34:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\SystemRequirementsLab
[2009/06/15 21:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\The Longest Journey Demo
[2010/04/11 14:02:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\TiltShift.E66C440A17F1D70FFD66FDB4568328647297CFDC.1
[2009/09/29 10:56:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Trillian
[2011/07/09 17:37:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\TS3Client
[2010/03/10 13:55:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Ubisoft
[2011/07/06 17:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Video2Webcam
[2011/11/02 00:02:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Voxatron
[2011/11/09 22:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Zen Puzzle Garden
[2009/03/07 16:42:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2011/03/20 15:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/12/17 23:25:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare
[2011/03/20 15:04:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/05/22 22:09:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hi-Rez Studios
[2009/08/11 21:07:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ijjigame
[2010/02/14 21:47:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2010/11/24 00:45:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/11/30 13:16:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motorola
[2011/10/22 18:36:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NetSarang
[2011/06/18 19:17:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2011/04/13 18:56:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2011/05/17 18:37:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Solidshield
[2009/04/22 09:09:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/03/09 23:05:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2011/07/06 17:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Video2Webcam
[2009/06/22 01:46:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/14 19:07:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/05 06:09:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/13 23:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/11 14:12:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/01/29 00:20:52 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/09/20 22:51:05 | 000,000,976 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1960408961-1177238915-839522115-1004Core.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/07/05 19:28:10 | 000,002,009 | ---- | M] ()(C:\Documents and Settings\All Users\Start Menu\Programs\Startup\?????????????????????????????????????????????????) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\㩃䑜捯浵湥獴愠摮匠瑥楴杮屳潌慣卬牥楶散䱜捯污匠瑥楴杮屳灁汰捩瑡潩慄慴䡜屐楄楧慴浉条湩屧敨灬砮汭
[2011/07/05 19:28:10 | 000,000,000 | ---- | M] ()(C:\Documents and Settings\All Users\Start Menu\Programs\Startup\???????????????????????????????????????????????????) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\㩃䑜捯浵湥獴愠摮匠瑥楴杮屳潌慣卬牥楶散䱜捯污匠瑥楴杮屳灁汰捩瑡潩慄慴䡜屐楄楧慴浉条湩屧敳瑴湩獧砮汭
[2011/07/05 19:28:09 | 000,003,733 | ---- | M] ()(C:\Documents and Settings\All Users\Start Menu\Programs\Startup\??????????????????????????????????????????????????l) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\㩃䑜捯浵湥獴愠摮匠瑥楴杮屳潌慣卬牥楶散䱜捯污匠瑥楴杮屳灁汰捩瑡潩慄慴䡜屐楄楧慴浉条湩屧敤楶散⹳浸l
[2009/08/29 05:53:08 | 000,002,009 | ---- | C] ()(C:\Documents and Settings\All Users\Start Menu\Programs\Startup\?????????????????????????????????????????????????) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\㩃䑜捯浵湥獴愠摮匠瑥楴杮屳潌慣卬牥楶散䱜捯污匠瑥楴杮屳灁汰捩瑡潩慄慴䡜屐楄楧慴浉条湩屧敨灬砮汭
[2009/08/29 05:53:08 | 000,000,000 | ---- | C] ()(C:\Documents and Settings\All Users\Start Menu\Programs\Startup\???????????????????????????????????????????????????) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\㩃䑜捯浵湥獴愠摮匠瑥楴杮屳潌慣卬牥楶散䱜捯污匠瑥楴杮屳灁汰捩瑡潩慄慴䡜屐楄楧慴浉条湩屧敳瑴湩獧砮汭
[2009/08/29 05:53:07 | 000,003,733 | ---- | C] ()(C:\Documents and Settings\All Users\Start Menu\Programs\Startup\??????????????????????????????????????????????????l) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\㩃䑜捯浵湥獴愠摮匠瑥楴杮屳潌慣卬牥楶散䱜捯污匠瑥楴杮屳灁汰捩瑡潩慄慴䡜屐楄楧慴浉条湩屧敤楶散⹳浸l

========== Alternate Data Streams ==========

@Alternate Data Stream - 207 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:322D2CD3

< End of report >




OTL Extras logfile created on: 1/6/2012 1:56:31 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Admin\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.36 Gb Available Physical Memory | 67.55% Memory free
5.34 Gb Paging File | 4.31 Gb Available in Paging File | 80.76% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 279.45 Gb Total Space | 86.84 Gb Free Space | 31.08% Space Free | Partition Type: NTFS

Computer Name: NICK-9897FD19A0 | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 4.0 Beta 7\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"ANTIVIRUSDISABLENOTIFY" = 0
"FIREWALLDISABLENOTIFY" = 0
"UPDATESDISABLENOTIFY" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"58656:TCP" = 58656:TCP:*:Enabled:Pando Media Booster
"58656:UDP" = 58656:UDP:*:Enabled:Pando Media Booster
"58133:TCP" = 58133:TCP:*:Enabled:Pando Media Booster
"58133:UDP" = 58133:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"58656:TCP" = 58656:TCP:*:Enabled:Pando Media Booster
"58656:UDP" = 58656:UDP:*:Enabled:Pando Media Booster
"58133:TCP" = 58133:TCP:*:Enabled:Pando Media Booster
"58133:UDP" = 58133:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\msiexec.exe" = C:\WINDOWS\system32\msiexec.exe:*:Enabled:Windows® installer -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
"C:\Program Files\Steam\steamapps\narconick\team fortress 2\hl2.exe" = C:\Program Files\Steam\steamapps\narconick\team fortress 2\hl2.exe:*:Enabled:hl2
"C:\Program Files\Steam\steam.exe" = C:\Program Files\Steam\steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- ()
"C:\Program Files\Bethesda Softworks\Fallout 3\Fallout3.exe" = C:\Program Files\Bethesda Softworks\Fallout 3\Fallout3.exe:*:Enabled:Fallout3
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
"C:\PandoraFox\App\Firefox\firefox.exe" = C:\PandoraFox\App\Firefox\firefox.exe:*:Enabled:Firefox
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Darkfall\Lobby.exe" = C:\Program Files\Darkfall\Lobby.exe:*:Enabled:Lobby
"C:\Documents and Settings\Admin\My Documents\My Downloads\RoM_Downloader.exe" = C:\Documents and Settings\Admin\My Documents\My Downloads\RoM_Downloader.exe:*:Enabled:FOG Downloader
"C:\Program Files\alaplaya\S4League\S4Client.exe" = C:\Program Files\alaplaya\S4League\S4Client.exe:*:Enabled:Project S4 Client.exe
"C:\Program Files\Taikodom\taikodom-game.exe" = C:\Program Files\Taikodom\taikodom-game.exe:*:Enabled:taikodom-game
"C:\Rohan_Global\rohanclient.exe" = C:\Rohan_Global\rohanclient.exe:*:Enabled:Rohan Online Game
"C:\Documents and Settings\Admin\My Documents\My Downloads\SRO_L4_Full_Client_Downloader.exe" = C:\Documents and Settings\Admin\My Documents\My Downloads\SRO_L4_Full_Client_Downloader.exe:*:Enabled:Full-Client Downloader
"C:\Program Files\ProxyWay\proxyway.exe" = C:\Program Files\ProxyWay\proxyway.exe:*:Enabled:ProxyWay
"C:\Documents and Settings\Admin\My Documents\My Downloads\YuLeech-RunesofMagic2_0_1_1821-en.exe" = C:\Documents and Settings\Admin\My Documents\My Downloads\YuLeech-RunesofMagic2_0_1_1821-en.exe:*:Enabled:FOG Downloader
"C:\Program Files\Wakfu\Wakfu.exe" = C:\Program Files\Wakfu\Wakfu.exe:*:Enabled:Wakfu Client -- (Ankama Studio)
"C:\Program Files\Proxifier\Proxifier.exe" = C:\Program Files\Proxifier\Proxifier.exe:*:Enabled:Proxifier 2.7
"C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Java\jdk1.5.0_09\bin\java.exe" = C:\Program Files\Java\jdk1.5.0_09\bin\java.exe:*:Enabled:Java™ 2 Platform Standard Edition binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Java\jdk1.5.0_09\jre\bin\java.exe" = C:\Program Files\Java\jdk1.5.0_09\jre\bin\java.exe:*:Enabled:Java™ 2 Platform Standard Edition binary -- (Sun Microsystems, Inc.)
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"C:\Documents and Settings\Admin\My Documents\eclipse\eclipse.exe" = C:\Documents and Settings\Admin\My Documents\eclipse\eclipse.exe:*:Enabled:eclipse
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player
"C:\Program Files\Steam\steamapps\narconick\source sdk base\hl2.exe" = C:\Program Files\Steam\steamapps\narconick\source sdk base\hl2.exe:*:Enabled:hl2
"C:\Program Files\TimeGate Studios\Section 8 Beta Test\Binaries\S8Game-F.exe" = C:\Program Files\TimeGate Studios\Section 8 Beta Test\Binaries\S8Game-F.exe:*:Enabled:Section 8
"C:\Program Files\Starcraft\StarCraft.exe" = C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft
"C:\WINDOWS\Downloaded Program Files\PurpleBean.exe" = C:\WINDOWS\Downloaded Program Files\PurpleBean.exe:*:Enabled:PurpleBean.exe -- ()
"C:\Program Files\MySpace\IM\MySpaceIM.exe" = C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpace Instant Messenger
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD
"C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe
"C:\Program Files\Turbine\Dungeons and Dragons Online - Eberron Unlimited\dndclient.exe" = C:\Program Files\Turbine\Dungeons and Dragons Online - Eberron Unlimited\dndclient.exe:*:Enabled:dndclient
"C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe" = C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe:*:Enabled:TurbineMessageService
"C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe" = C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe:*:Enabled:TurbineNetworkService
"C:\Program Files\Miranda IM\miranda32.exe" = C:\Program Files\Miranda IM\miranda32.exe:*:Enabled:Miranda IM
"C:\PandoraFox\firefox.exe" = C:\PandoraFox\firefox.exe:*:Enabled:Firefox
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)
"C:\Program Files\Trillian\trillian.exe" = C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios)
"C:\Program Files\Steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe" = C:\Program Files\Steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe:*:Enabled:left4dead2
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager
"C:\Program Files\Electronic Arts\Dead Space\Dead Space.exe" = C:\Program Files\Electronic Arts\Dead Space\Dead Space.exe:*:Enabled:Dead Space ™
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\WINDOWS\system32\rundll32.exe" = C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App -- (Microsoft Corporation)
"C:\Documents and Settings\Admin\Application Data\GameRanger\GameRanger\GameRanger.exe" = C:\Documents and Settings\Admin\Application Data\GameRanger\GameRanger\GameRanger.exe:*:Enabled:GameRanger
"C:\Program Files\Steam\steamapps\common\bioshock 2\MP\Builds\Binaries\Bioshock2.exe" = C:\Program Files\Steam\steamapps\common\bioshock 2\MP\Builds\Binaries\Bioshock2.exe:*:Enabled:Bioshock 2 Multiplayer
"C:\Program Files\Steam\steamapps\common\bioshock 2\SP\Builds\Binaries\Bioshock2.exe" = C:\Program Files\Steam\steamapps\common\bioshock 2\SP\Builds\Binaries\Bioshock2.exe:*:Enabled:BioShock 2
"C:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe" = C:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe:*:Enabled:Call of Duty: Modern Warfare 2
"C:\Program Files\Steam\steamapps\common\bioshock 2\SP\Builds\Binaries\Bioshock2Launcher.exe" = C:\Program Files\Steam\steamapps\common\bioshock 2\SP\Builds\Binaries\Bioshock2Launcher.exe:*:Enabled:BioShock 2
"C:\Program Files\Steam\steamapps\common\bioshock 2\MP\Builds\Binaries\Bioshock2Launcher.exe" = C:\Program Files\Steam\steamapps\common\bioshock 2\MP\Builds\Binaries\Bioshock2Launcher.exe:*:Enabled:BioShock 2
"C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe" = C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead
"C:\Program Files\Steam\steamapps\common\psychonauts\PsychoLauncher.exe" = C:\Program Files\Steam\steamapps\common\psychonauts\PsychoLauncher.exe:*:Enabled:Psychonauts
"C:\Program Files\Steam\steamapps\common\bioshock\Builds\Release\Bioshock.exe" = C:\Program Files\Steam\steamapps\common\bioshock\Builds\Release\Bioshock.exe:*:Enabled:BioShock
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Steam\steamapps\common\torchlight\Torchlight.exe" = C:\Program Files\Steam\steamapps\common\torchlight\Torchlight.exe:*:Enabled:Torchlight
"C:\Program Files\Steam\steamapps\common\torchlight\TorchED\Editor.exe" = C:\Program Files\Steam\steamapps\common\torchlight\TorchED\Editor.exe:*:Enabled:Torchlight Editor
"C:\Program Files\StarCraft II Beta\StarCraft II.exe" = C:\Program Files\StarCraft II Beta\StarCraft II.exe:*:Enabled:Blizzard Launcher
"C:\Program Files\StarCraft II Beta\Versions\Base15250\SC2.exe" = C:\Program Files\StarCraft II Beta\Versions\Base15250\SC2.exe:*:Enabled:StarCraft II
"C:\Program Files\StarCraft II Beta\Versions\Base15343\SC2.exe" = C:\Program Files\StarCraft II Beta\Versions\Base15343\SC2.exe:*:Enabled:StarCraft II
"C:\Program Files\StarCraft II Beta\Support\BlizzardDownloader.exe" = C:\Program Files\StarCraft II Beta\Support\BlizzardDownloader.exe:*:Enabled:Blizzard Downloader
"C:\Program Files\StarCraft II Beta\Versions\Base15392\SC2.exe" = C:\Program Files\StarCraft II Beta\Versions\Base15392\SC2.exe:*:Enabled:StarCraft II
"C:\Program Files\StarCraft II Beta\Versions\Base15449\SC2.exe" = C:\Program Files\StarCraft II Beta\Versions\Base15449\SC2.exe:*:Enabled:StarCraft II
"C:\WINDOWS\system32\spoolsv.exe" = C:\WINDOWS\system32\spoolsv.exe:*:Enabled:Spooler SubSystem App -- (Microsoft Corporation)
"C:\Program Files\Electronic Arts\Medal of Honor MP Beta\MoHMPUpdater.exe" = C:\Program Files\Electronic Arts\Medal of Honor MP Beta\MoHMPUpdater.exe:*:Enabled:Medal of Honor™ MP Beta
"C:\Program Files\Electronic Arts\Medal of Honor MP Beta\MoHMPGame.exe" = C:\Program Files\Electronic Arts\Medal of Honor MP Beta\MoHMPGame.exe:*:Enabled:Medal of Honor: Multiplayer
"C:\Program Files\Steam\steamapps\common\alien swarm\srcds.exe" = C:\Program Files\Steam\steamapps\common\alien swarm\srcds.exe:*:Enabled:Alien Swarm Dedicated Server
"C:\Documents and Settings\All Users\Application Data\Electronic Arts\Need For Speed World\Data\nfsw.exe" = C:\Documents and Settings\All Users\Application Data\Electronic Arts\Need For Speed World\Data\nfsw.exe:*:Enabled:Need for Speed World
"C:\Documents and Settings\Admin\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe" = C:\Documents and Settings\Admin\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe:*:Enabled:Juniper Terminal Services Client
"C:\Program Files\Steam\steamapps\common\resident evil 5\RE5DX9.EXE" = C:\Program Files\Steam\steamapps\common\resident evil 5\RE5DX9.EXE:*:Enabled:RESIDENT EVIL 5
"C:\Program Files\Steam\steamapps\common\recettear - demo\recettear.exe" = C:\Program Files\Steam\steamapps\common\recettear - demo\recettear.exe:*:Enabled:Recettear: An Item Shop's Tale - Demo
"C:\Program Files\Steam\steamapps\common\recettear - demo\custom.exe" = C:\Program Files\Steam\steamapps\common\recettear - demo\custom.exe:*:Enabled:Recettear: An Item Shop's Tale - Demo
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"C:\Program Files\StarCraft II\StarCraft II.exe" = C:\Program Files\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\Steam\steamapps\common\grand theft auto iv\GTAIV\GTAIV.exe" = C:\Program Files\Steam\steamapps\common\grand theft auto iv\GTAIV\GTAIV.exe:*:Enabled:Grand Theft Auto IV
"C:\Program Files\Steam\steamapps\common\batman arkham asylum goty\Binaries\ShippingPC-BmGame.exe" = C:\Program Files\Steam\steamapps\common\batman arkham asylum goty\Binaries\ShippingPC-BmGame.exe:*:Enabled:BmGame
"C:\Program Files\StarCraft II\Versions\Base17326\SC2.exe" = C:\Program Files\StarCraft II\Versions\Base17326\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Hi-Rez Studios\games\global agenda live\Binaries\GlobalAgenda.exe" = C:\Program Files\Hi-Rez Studios\games\global agenda live\Binaries\GlobalAgenda.exe:*:Enabled:TgGame Client
"F:\eclipse\eclipse.exe" = F:\eclipse\eclipse.exe:*:Enabled:eclipse
"C:\Program Files\StarCraft II\Versions\Base15405\SC2.exe" = C:\Program Files\StarCraft II\Versions\Base15405\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)
"C:\Program Files\Steam\steamapps\narconick\counter-strike source\hl2.exe" = C:\Program Files\Steam\steamapps\narconick\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source
"C:\Program Files\StarCraft II\Versions\Base18574\SC2.exe" = C:\Program Files\StarCraft II\Versions\Base18574\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Steam\steamapps\common\hammerfight\Hammerfight.exe" = C:\Program Files\Steam\steamapps\common\hammerfight\Hammerfight.exe:*:Enabled:Hammerfight -- ()
"C:\Program Files\Steam\steamapps\common\steelstorm\steelstorm-dedicated.exe" = C:\Program Files\Steam\steamapps\common\steelstorm\steelstorm-dedicated.exe:*:Enabled:DarkPlaces Game Engine -- (Forest Hale Digital Services)
"C:\Program Files\Steam\steamapps\common\chantelise - demo\chantelise.exe" = C:\Program Files\Steam\steamapps\common\chantelise - demo\chantelise.exe:*:Enabled:Chantelise - Demo -- (Easygamestation, Carpe Fulgur LLC)
"C:\Program Files\Steam\steamapps\common\chantelise - demo\custom.exe" = C:\Program Files\Steam\steamapps\common\chantelise - demo\custom.exe:*:Enabled:Chantelise - Demo -- ()
"C:\Program Files\Steam\steamapps\common\crayon physics deluxe\launcher.exe" = C:\Program Files\Steam\steamapps\common\crayon physics deluxe\launcher.exe:*:Enabled:Crayon Physics Deluxe -- ()
"C:\Program Files\Steam\steamapps\narconick\garrysmod\hl2.exe" = C:\Program Files\Steam\steamapps\narconick\garrysmod\hl2.exe:*:Enabled:Garry's Mod
"C:\Program Files\Steam\steamapps\common\bookworm adventures deluxe\BookwormAdventures.exe" = C:\Program Files\Steam\steamapps\common\bookworm adventures deluxe\BookwormAdventures.exe:*:Enabled:Bookworm Adventures Deluxe -- (PopCap Games, Inc.)
"C:\Program Files\Steam\steamapps\common\oblivion\OblivionLauncher.exe" = C:\Program Files\Steam\steamapps\common\oblivion\OblivionLauncher.exe:*:Enabled:The Elder Scrolls IV: Oblivion -- (Bethesda Softworks)
"C:\Program Files\Steam\steamapps\common\dead space 2\deadspace2.exe" = C:\Program Files\Steam\steamapps\common\dead space 2\deadspace2.exe:*:Enabled:Dead Space 2 -- (Electronic Arts Inc.)
"C:\Program Files\Steam\steamapps\common\dead space 2\Support\EA Help\Electronic_Arts_Technical_Support.htm" = C:\Program Files\Steam\steamapps\common\dead space 2\Support\EA Help\Electronic_Arts_Technical_Support.htm:*:Enabled:Dead Space 2 -- ()
"C:\Program Files\Steam\steamapps\common\amnesia the dark descent\Launcher.exe" = C:\Program Files\Steam\steamapps\common\amnesia the dark descent\Launcher.exe:*:Enabled:Amnesia: The Dark Descent -- ()
"C:\Program Files\Steam\steamapps\common\recettear\recettear.exe" = C:\Program Files\Steam\steamapps\common\recettear\recettear.exe:*:Enabled:Recettear: An Item Shop's Tale -- (Easygamestation, Carpe Fulgur LLC)
"C:\Program Files\Steam\steamapps\common\recettear\custom.exe" = C:\Program Files\Steam\steamapps\common\recettear\custom.exe:*:Enabled:Recettear: An Item Shop's Tale -- ()
"C:\Program Files\Steam\steamapps\common\cogs\cogs.exe" = C:\Program Files\Steam\steamapps\common\cogs\cogs.exe:*:Enabled:Cogs -- ()
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Steam\steamapps\common\trauma\trauma.exe" = C:\Program Files\Steam\steamapps\common\trauma\trauma.exe:*:Enabled:TRAUMA -- (Adobe Systems, Inc.)
"C:\Program Files\Steam\steamapps\common\call of duty black ops\BlackOps.exe" = C:\Program Files\Steam\steamapps\common\call of duty black ops\BlackOps.exe:*:Enabled:Call of Duty: Black Ops -- ()
"F:\Xmanager.exe" = F:\Xmanager.exe:*:Enabled:Xmanager - PC X Server Program
"F:\Xsound.exe" = F:\Xsound.exe:*:Enabled:Xsound - Xsound for Xmanager
"F:\Xftp.exe" = F:\Xftp.exe:*:Enabled:Xftp - Secure File Transfer Software
"C:\Program Files\Steam\steamapps\common\the binding of isaac\Binding_of_Isaac.exe" = C:\Program Files\Steam\steamapps\common\the binding of isaac\Binding_of_Isaac.exe:*:Enabled:The Binding Of Isaac -- (Edmund Mcmillen & Florian Himsl )
"C:\Program Files\Steam\steamapps\common\call of duty black ops\BlackOpsMP.exe" = C:\Program Files\Steam\steamapps\common\call of duty black ops\BlackOpsMP.exe:*:Enabled:Call of Duty: Black Ops - Multiplayer -- ()
"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"C:\Documents and Settings\Admin\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe" = C:\Documents and Settings\Admin\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin -- (Skype Limited)
"C:\Program Files\Steam\steamapps\common\blocks that matter\BTM_launcher_win.exe" = C:\Program Files\Steam\steamapps\common\blocks that matter\BTM_launcher_win.exe:*:Enabled:Blocks That Matter -- ()
"C:\Program Files\Steam\steamapps\common\uplink\Uplink.exe" = C:\Program Files\Steam\steamapps\common\uplink\Uplink.exe:*:Enabled:Uplink -- ()
"C:\Program Files\Steam\steamapps\common\multiwinia\multiwinia.exe" = C:\Program Files\Steam\steamapps\common\multiwinia\multiwinia.exe:*:Enabled:Multiwinia -- (Introversion Software)
"C:\Program Files\Steam\steamapps\common\darwinia\darwinia.exe" = C:\Program Files\Steam\steamapps\common\darwinia\darwinia.exe:*:Enabled:Darwinia -- (Introversion Software)
"C:\Program Files\Motorola Mobility\MotoCast\MotoCast.exe" = C:\Program Files\Motorola Mobility\MotoCast\MotoCast.exe:*:Enabled:MotoCast -- (Motorola Mobility Inc.)
"C:\Program Files\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe" = C:\Program Files\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe:*:Enabled:MotoCast-thumbnailer -- ()
"C:\Documents and Settings\Admin\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Admin\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\Steam\steamapps\common\spacechem\SpaceChem.exe" = C:\Program Files\Steam\steamapps\common\spacechem\SpaceChem.exe:*:Enabled:SpaceChem -- (Zachtronics Industries)
"C:\Program Files\Motorola Media Link\Lite\MML.exe" = C:\Program Files\Motorola Media Link\Lite\MML.exe:*:Enabled:MML -- (Nero AG)
"C:\Program Files\Steam\steamapps\common\super meat boy\SuperMeatBoy.exe" = C:\Program Files\Steam\steamapps\common\super meat boy\SuperMeatBoy.exe:*:Enabled:Super Meat Boy Editor -- ()
"C:\Program Files\Steam\steamapps\common\nightsky\NightSky.exe" = C:\Program Files\Steam\steamapps\common\nightsky\NightSky.exe:*:Enabled:NightSky -- ( )
"C:\Program Files\Steam\steamapps\common\gratuitous space battles\GSB.exe" = C:\Program Files\Steam\steamapps\common\gratuitous space battles\GSB.exe:*:Enabled:Gratuitous Space Battles -- ()
"C:\Program Files\Steam\steamapps\common\shank\bin\Shank.exe" = C:\Program Files\Steam\steamapps\common\shank\bin\Shank.exe:*:Enabled:Shank -- (Klei Entertainment Inc.)
"C:\Program Files\Steam\steamapps\common\steelstorm\steelstorm.exe" = C:\Program Files\Steam\steamapps\common\steelstorm\steelstorm.exe:*:Enabled:Steel Storm: Burning Retribution -- (Forest Hale Digital Services)
"C:\Program Files\Steam\steamapps\common\steelstorm\netradiant_win32\radiant.exe" = C:\Program Files\Steam\steamapps\common\steelstorm\netradiant_win32\radiant.exe:*:Enabled:Steel Storm: Burning Retribution -- ()
"C:\Program Files\Steam\steamapps\common\bit.trip runner\runner.exe" = C:\Program Files\Steam\steamapps\common\bit.trip runner\runner.exe:*:Enabled:BIT.TRIP RUNNER -- ()
"C:\Program Files\Steam\steamapps\common\frozen synapse\FrozenSynapse.exe" = C:\Program Files\Steam\steamapps\common\frozen synapse\FrozenSynapse.exe:*:Enabled:Frozen Synapse -- ()
"C:\Program Files\Steam\steamapps\common\the binding of isaac\Isaac.exe" = C:\Program Files\Steam\steamapps\common\the binding of isaac\Isaac.exe:*:Enabled:The Binding Of Isaac -- (Edmund Mcmillen & Florian Himsl )
"C:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe" = C:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2 -- ()
"C:\Program Files\Steam\steamapps\common\skyrim\SkyrimLauncher.exe" = C:\Program Files\Steam\steamapps\common\skyrim\SkyrimLauncher.exe:*:Enabled:The Elder Scrolls V: Skyrim -- (Bethesda Softworks)
"C:\Program Files\Steam\steamapps\common\dinner date\Dinner Date.exe" = C:\Program Files\Steam\steamapps\common\dinner date\Dinner Date.exe:*:Enabled:Dinner Date -- ()
"C:\Program Files\Steam\steamapps\common\portal 2\portal2.exe" = C:\Program Files\Steam\steamapps\common\portal 2\portal2.exe:*:Enabled:Portal 2 -- ()
"C:\Program Files\Steam\steamapps\common\magicka\Magicka.exe" = C:\Program Files\Steam\steamapps\common\magicka\Magicka.exe:*:Enabled:Magicka -- (Arrowhead Game Studios AB)
"C:\Program Files\Steam\steamapps\common\deus ex - human revolution\dxhr.exe" = C:\Program Files\Steam\steamapps\common\deus ex - human revolution\dxhr.exe:*:Enabled:Deus Ex: Human Revolution -- (Square Enix Limited)
"C:\Program Files\Jump Desktop\JumpWinClient.exe" = C:\Program Files\Jump Desktop\JumpWinClient.exe:*:Enabled:Jump Desktop Viewer -- (Phase Five Systems)
"C:\Program Files\Jump Desktop\JumpDesktop.exe" = C:\Program Files\Jump Desktop\JumpDesktop.exe:*:Enabled:Jump Desktop Tray Application -- (Phase Five Systems)
"C:\Program Files\Jump Desktop\JumpService.exe" = C:\Program Files\Jump Desktop\JumpService.exe:*:Enabled:Jump Desktop Service -- (Phase Five Systems)
"C:\Program Files\TightVNC\tvnserver.exe" = C:\Program Files\TightVNC\tvnserver.exe:*:Enabled:TightVNC Server -- (GlavSoft LLC.)
"C:\Program Files\TightVNC\vncviewer.exe" = C:\Program Files\TightVNC\vncviewer.exe:*:Enabled:TightVNC Viewer -- (TightVNC Group)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{028814FB-D05F-495E-81D7-636A87321025}" = CreativeProjectsTemplates
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{11680998-6792-4DE9-8DE1-D6D041418B26}" = SkinsHP1
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1D7CE340-70C3-4848-BCCF-215950328A4C}" = Facebook Video Calling 1.0.0.8953
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{24557DC0-0839-496f-82F9-C4EB72EFE4FA}" = HP Deskjet All-In-One Software 8.0
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 26
"{2A710662-702F-4527-A703-792D366AF625}" = Xftp 4
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2F6CF9E4-91EC-45BB-B5C5-9B31DACC429C}" = Motorola Mobile Drivers Installation 5.3.0
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{32A3A4F4-B792-11D6-A78A-00B0D0150090}" = J2SE Development Kit 5.0 Update 9
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3662AF19-6E4B-4F6D-A61C-F3CB6D67097D}" = QuickProjects
"{378397D6-FD32-4092-A854-6A75CB7EDA46}" = MOTOROLA MEDIA LINK
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{46F8CF66-AB83-38A7-99B2-A5BE507EE472}" = Microsoft Visual C++ 2010 Express - ENU
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{5401CEE8-3C2D-4835-A802-213306537FF4}" = MotoCast
"{5454085C-840F-4070-8FAA-441000028301}" = BioShock 2
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6102D63A-9387-4FC8-98E4-181121F8C0BA}" = MPlugin_USA
"{641410DD-5F16-4DEA-83C9-36D2D290FC18}" = Jump Desktop
"{657F8B33-CBBB-45F4-9087-274F22C89400}" = DJ_AIO_ProductContext
"{66A9D30D-1464-4C7F-B2F3-507DADAF2595}" = Microsoft IntelliPoint 6.3
"{66D475AE-F18B-43A0-8BAF-61AF4403E339}" = Webcam 1200
"{696C94BC-44BC-4B8E-ABAA-6FFC0F11A6D3}" = PhotoGallery
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{6A28AB0B-22B1-494C-AF61-B386EA1736C0}" = LightScribe 1.4.97.1
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{7107A761-B2F7-4BB0-84DA-CD90B562A72D}" = Director
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty® - World at War™ 1.7 Patch
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7DDEABFB-0621-4321-B385-CB86D3A6F90F}" = F4100
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{827ECAB7-3F8E-4A66-A663-67A8F678536C}" = CreativeProjects
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CE152BA-1D16-11E1-867D-984BE15F174E}" = Evernote v. 4.5.2
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{92E0213D-2D81-4AC0-B9E5-BCB3AB8C2F9E}" = HP Deskjet 6800
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9ECB4705-B9CB-405A-B6D4-33BDF707308E}" = DJ_AIO_Software
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
"{ACE22C48-49D7-4531-BE20-5C3D03393AB6}" = F4100_Help
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B0B921DC-B86A-41FE-BF4C-BC7D3026918B}" = HuxleyTheDystopia
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.95
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3A77A42-DCF7-4830-AE0E-8CEE34A76200}" = CueTour
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B81023A5-71ED-46EB-BE3B-9F974D1155F1}" = HP Software Update
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{BF0668D2-AFE3-47A7-BA80-3BBAFEE5524C}" = Xmanager Enterprise 4
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C3502B86-FAC7-43AA-82D8-AB30EC51596A}" = PrintScreen
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty® - World at War™
"{DC83F417-8068-4074-BA2F-C4F8AB872556}" = DJ_AIO_Software_min
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}" = Styler
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"274c5407c4fa26908310cb5c1c5000001954585180" = NetBeans IDE 5.0
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon Kindle" = Amazon Kindle
"Audacity_is1" = Audacity 1.2.6
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CCleaner" = CCleaner
"CobBackup10" = Cobian Backup 10
"comtypes-py2.5" = Python 2.5 comtypes-0.6.2
"CSCLIB" = Canon Camera Support Core Library
"Defraggler" = Defraggler
"DeskJet 6800 Installer" = HP Deskjet 6800
"Disk Space Fan_is1" = Disk Space Fan 1.4.4.5
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Photo & Imaging" = HP Photo & Imaging 4.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty® - World at War™ 1.6 Patch
"InstallShield_{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty® - World at War™ 1.3 Patch
"InstallShield_{2A710662-702F-4527-A703-792D366AF625}" = Xftp 4
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty® - World at War™ 1.2 Patch
"InstallShield_{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty® - World at War™ 1.7 Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty® - World at War™ 1.4 Patch
"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty® - World at War™ 1.1 Patch
"InstallShield_{BF0668D2-AFE3-47A7-BA80-3BBAFEE5524C}" = Xmanager Enterprise 4
"InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty® - World at War™ 1.5 Patch
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty® - World at War™
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Jack Claw_is1" = Jack Claw
"JCreator LE_is1" = JCreator LE 4.00
"jGRASP" = jGRASP
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Launchy_21344213_is1" = Launchy 2.5
"LOSI" = LOSI 0.4.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual C++ 2010 Express - ENU" = Microsoft Visual C++ 2010 Express - ENU
"MotoHelper" = MotoHelper 2.1.26 Driver 5.3.0
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 10.0 (x86 en-US)" = Mozilla Firefox 10.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero BurnRights!UninstallKey" = Nero BurnRights
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notepad++" = Notepad++
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Oblivion mod manager_is1" = Oblivion mod manager 1.1.12
"OpenAL" = OpenAL
"PIL-py2.5" = Python 2.5 PIL-1.1.6
"psyco-py2.5" = Python 2.5 psyco-1.6
"PunkBusterSvc" = PunkBuster Services
"pywin32-py2.5" = Python 2.5 pywin32-216
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"Recuva" = Recuva (remove only)
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"RocketDock_is1" = RocketDock 1.3.5
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SpeedFan" = SpeedFan (remove only)
"StarCraft II" = StarCraft II
"Steam App 105600" = Terraria
"Steam App 111800" = Blocks That Matter
"Steam App 113200" = The Binding Of Isaac
"Steam App 1500" = Darwinia
"Steam App 1510" = Uplink
"Steam App 1520" = DEFCON
"Steam App 1530" = Multiwinia
"Steam App 200900" = Cave Story+
"Steam App 22330" = The Elder Scrolls IV: Oblivion
"Steam App 240" = Counter-Strike: Source
"Steam App 260" = Counter-Strike: Source Beta
"Steam App 26500" = Cogs
"Steam App 26900" = Crayon Physics Deluxe
"Steam App 28050" = Deus Ex: Human Revolution
"Steam App 3470" = Bookworm Adventures Deluxe
"Steam App 4000" = Garry's Mod
"Steam App 40800" = Super Meat Boy
"Steam App 40810" = Super Meat Boy Editor
"Steam App 41100" = Hammerfight
"Steam App 41800" = Gratuitous Space Battles
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 42910" = Magicka
"Steam App 440" = Team Fortress 2
"Steam App 47780" = Dead Space 2
"Steam App 48010" = LIMBO Demo
"Steam App 550" = Left 4 Dead 2
"Steam App 57300" = Amnesia: The Dark Descent
"Steam App 6120" = Shank
"Steam App 620" = Portal 2
"Steam App 63710" = BIT.TRIP RUNNER
"Steam App 70300" = VVVVVV
"Steam App 70410" = Recettear: An Item Shop's Tale - Demo
"Steam App 70430" = Chantelise - Demo
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 92800" = SpaceChem
"Steam App 94000" = Dinner Date
"Steam App 94200" = Jamestown
"Steam App 96200" = Steel Storm: Burning Retribution
"Steam App 98100" = TRAUMA
"Steam App 98200" = Frozen Synapse
"Steam App 99700" = NightSky
"SystemRequirementsLab" = System Requirements Lab
"TightVNC" = TightVNC 2.0.2
"Tweak UI 2.10" = Tweak UI
"Unofficial Oblivion Patch_is1" = Unofficial Oblivion Patch v3.2.0
"ViewpointMediaPlayer" = Viewpoint Media Player
"Voxatron" = Voxatron 0.1.3
"WakfuNorthAmerica" = Wakfu
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wrye Bash" = Wrye Bash
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"wxPython2.8-ansi-py25_is1" = wxPython 2.8.11.0 (ansi) for Python 2.5
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Flux" = F.lux
"Google Chrome" = Google Chrome
"LastPass" = LastPass (uninstall only)
"MusicManager" = Music Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/30/2011 5:00:18 AM | Computer Name = NICK-9897FD19A0 | Source = NativeWrapper | ID = 5000
Description =

Error - 12/30/2011 2:20:05 PM | Computer Name = NICK-9897FD19A0 | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.60.0.59, faulting module
version.dll, version 5.1.2600.5512, fault address 0x00001ddc.

Error - 12/31/2011 5:00:20 AM | Computer Name = NICK-9897FD19A0 | Source = NativeWrapper | ID = 5000
Description =

Error - 1/1/2012 5:00:20 AM | Computer Name = NICK-9897FD19A0 | Source = NativeWrapper | ID = 5000
Description =

Error - 1/1/2012 1:53:20 PM | Computer Name = NICK-9897FD19A0 | Source = NativeWrapper | ID = 5000
Description =

Error - 1/2/2012 5:00:17 AM | Computer Name = NICK-9897FD19A0 | Source = NativeWrapper | ID = 5000
Description =

Error - 1/3/2012 5:00:17 AM | Computer Name = NICK-9897FD19A0 | Source = NativeWrapper | ID = 5000
Description =

Error - 1/4/2012 5:00:17 AM | Computer Name = NICK-9897FD19A0 | Source = NativeWrapper | ID = 5000
Description =

Error - 1/5/2012 5:00:20 AM | Computer Name = NICK-9897FD19A0 | Source = NativeWrapper | ID = 5000
Description =

Error - 1/6/2012 5:00:19 AM | Computer Name = NICK-9897FD19A0 | Source = NativeWrapper | ID = 5000
Description =

[ System Events ]
Error - 1/6/2012 3:59:27 PM | Computer Name = NICK-9897FD19A0 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 1/6/2012 3:59:27 PM | Computer Name = NICK-9897FD19A0 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 1/6/2012 3:59:27 PM | Computer Name = NICK-9897FD19A0 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 1/6/2012 3:59:27 PM | Computer Name = NICK-9897FD19A0 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 1/6/2012 3:59:27 PM | Computer Name = NICK-9897FD19A0 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 1/6/2012 3:59:27 PM | Computer Name = NICK-9897FD19A0 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 1/6/2012 3:59:27 PM | Computer Name = NICK-9897FD19A0 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 1/6/2012 3:59:27 PM | Computer Name = NICK-9897FD19A0 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 1/6/2012 3:59:27 PM | Computer Name = NICK-9897FD19A0 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 1/6/2012 3:59:27 PM | Computer Name = NICK-9897FD19A0 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058


< End of report >

#11 m0le


  • Malware Response Team

Posted 06 January 2012 - 07:42 PM

Open OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
SRV - (AppMgmt) -- File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\RunOnceEx: [flags] Reg Error: Invalid data type. File not found
[2011/12/22 14:48:55 | 000,014,582 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\eixccm3c3ete1rfk2pmr4u838h7d
[2011/12/22 14:48:55 | 000,014,582 | -HS- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\eixccm3c3ete1rfk2pmr4u838h7d
@Alternate Data Stream - 207 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:322D2CD3
:commands
[EmptyTemp]
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"


Then click the Run Fix button at the top

Let the program run unhindered.

When done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Please follow that with an ESET scan

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • Copy and paste the resulting log in your next reply
If no log is generated that means nothing was found. Please let me know if this happens.
m0le is a proud member of UNITE

#12 sinick

sinick
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  • Local time:08:46 AM

Posted 06 January 2012 - 11:52 PM

All processes killed
========== OTL ==========
Service AppMgmt stopped successfully!
Service AppMgmt deleted successfully!
File File not found not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\\flags deleted successfully.
C:\Documents and Settings\All Users\Application Data\eixccm3c3ete1rfk2pmr4u838h7d moved successfully.
C:\Documents and Settings\Admin\Local Settings\Application Data\eixccm3c3ete1rfk2pmr4u838h7d moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:322D2CD3 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 195624401 bytes
->Temporary Internet Files folder emptied: 62051605 bytes
->Java cache emptied: 6797101 bytes
->FireFox cache emptied: 192403154 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 81843 bytes

User: Administrator
->Temporary Internet Files folder emptied: 204550 bytes

User: Administrator.NICK-9897FD19A0
->Temporary Internet Files folder emptied: 32768 bytes

User: Administrator.NICK-9897FD19A0.000
->Temporary Internet Files folder emptied: 204550 bytes

User: Administrator.NICK-9897FD19A0.001
->Temporary Internet Files folder emptied: 204550 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 533294236 bytes
->Java cache emptied: 24056 bytes
->Flash cache emptied: 31978 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2733912 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 52617623 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 209349122 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 23630690 bytes
RecycleBin emptied: 254752711 bytes

Total Files Cleaned = 1,463.00 mb

========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!

OTL by OldTimer - Version 3.2.31.0 log created on 01062012_201301

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...






For the ESET scanner, it said it found and removed 6 infections, but I didn't see a log file generated in the scan window. A Google search said the log files are located on my computer in C:\Program Files\ESET\ESET Online Scanner\log.txt, so I'll post that.





ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f5818c564cc3784699040765897064a6
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-01-07 04:39:09
# local_time=2012-01-06 10:39:09 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 71902062 71902062 0 0
# compatibility_mode=1024 16777215 100 0 67054988 67054988 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=242402
# found=6
# cleaned=6
# scan_time=6826
C:\backup\C 2011-12-23 17;01;18.zip multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Admin\My Documents\Downloads\SuperOneClickv2.3.2-ShortFuse.zip multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Admin\My Documents\Downloads\SuperOneClickv2.3.3-ShortFuse.zip multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Admin\My Documents\Downloads\SuperOneClickv2.3.3-ShortFuse\Exploits\psneuter Linux/Exploit.Lotoor.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Admin\My Documents\Downloads\SuperOneClickv2.3.3-ShortFuse\Exploits\zergRush Linux/Exploit.Lotoor.AN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\mrxsmb.sys.vir Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
all ok

Edited by sinick, 06 January 2012 - 11:53 PM.


#13 m0le


Posted 07 January 2012 - 05:20 PM

Your problems came in through this downloaded program:

SuperOneClickv2.3.3-ShortFuse


The bottom one is Combofix's quarantine Qoobox as ESET removes the rootkit file from it.


How is the machine running now?
m0le is a proud member of UNITE
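
The reading of the ESET log given in post #13 (detections under Downloads versus the copy sitting in ComboFix's Qoobox quarantine) can be reproduced mechanically. The following is an added example, not part of the original thread: the function names and bucket labels are hypothetical, and it assumes the field layout seen in post #12 with whitespace-separated fields.

```python
import re
from collections import Counter

# Lines copied from the ESET log in post #12; fields are separated by single
# spaces as rendered on this page (assumption: the file on disk may use tabs).
SAMPLE_LOG = r"""# found=6
# cleaned=6
C:\backup\C 2011-12-23 17;01;18.zip multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Admin\My Documents\Downloads\SuperOneClickv2.3.2-ShortFuse.zip multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Admin\My Documents\Downloads\SuperOneClickv2.3.3-ShortFuse.zip multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Admin\My Documents\Downloads\SuperOneClickv2.3.3-ShortFuse\Exploits\psneuter Linux/Exploit.Lotoor.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Admin\My Documents\Downloads\SuperOneClickv2.3.3-ShortFuse\Exploits\zergRush Linux/Exploit.Lotoor.AN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\mrxsmb.sys.vir Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""

HEADER = re.compile(r"^# (\w+)=(.*)$")
# path, threat ("multiple threats" or "<platform>/<name> <type>"), action, hash, flag
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<threat>multiple threats|\S+/\S+ \w+)\s+"
    r"\((?P<action>[^)]*)\)\s+[0-9a-fA-F]+\s+\w$")

def classify(path):
    # Hypothetical triage buckets, keyed on where the detected file sits.
    p = path.lower()
    if "\\qoobox\\quarantine\\" in p:
        return "combofix-quarantine"   # copy held in ComboFix's quarantine
    if "\\downloads\\" in p:
        return "user-download"
    return "other"

def parse_eset_log(text):
    header, detections = {}, []
    for line in map(str.strip, text.splitlines()):
        if (m := HEADER.match(line)):
            header[m[1]] = m[2]
        elif (m := DETECTION.match(line)):
            detections.append({**m.groupdict(), "bucket": classify(m["path"])})
    return header, detections

def summarize(text):
    header, detections = parse_eset_log(text)
    return {
        "count_matches_header": header.get("found") == str(len(detections)),
        "buckets": dict(Counter(d["bucket"] for d in detections)),
        "threats": sorted({d["threat"] for d in detections}),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Comparing the parsed detection count with the `# found=` header catches a truncated or partially pasted log before anyone draws conclusions from it.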

#14 sinick


Posted 07 January 2012 - 07:04 PM

When I rebooted my machine, the keyboard and mouse were still turned off during the boot time when I would usually be able to press F8 to enter safe mode.

The three "box" applications still came up when my computer started. When I tried to open them with Firefox, it said that the program in "c:\Documents and Settings\All Users\start menu\Programs\startup" did not exist for each entry, so I went to that folder and deleted the three "box" entries that were there.

Also on reboot, I received a "Microsoft Error Reporting" window with the message "Some unexpected errors have happened to software you recently used. You were not asked to send these error reports at the time they occurred." It lists 3 errors from the application "NDP1.1sp1-KB2572067-X86", and the error description is "Queue Servicing Report". All of the entries are 1.5KB, and occurred on 1/7, 1/5, and 1/6 at 3:00:15am, 3:00:20am, and 3:00:19am respectively. When I click on the "What data does this error report contain?" link, it lists the EventType as "visualstudio7x80update". This may be unrelated to my problems, but I thought I'd mention it.

If it is related, I can include pictures of the Error Reporting window if needed; I'm leaving the window open for now.

I am not receiving browser redirects yet, but they were scarce and somewhat random to begin with, so I'll update this post if I get them in the future.

#15 m0le


Posted 07 January 2012 - 07:21 PM

This doesn't look related to what we're doing. Please scan with ESET for a final clean up.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • Copy and paste the resulting log in your next reply
If no log is generated that means nothing was found. Please let me know if this happens.


Please then run MiniToolbox; it might help me pin down the error.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Users, Partitions and Memory size.
  • List Minidump Files.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
m0le is a proud member of UNITE



